Parameters to validation errors should be HTML Encoded before display on the
page
---------------------------------------------------------------------------------
Key: STS-256
URL: http://mc4j.org/jira/browse/STS-256
Project: Stripes
Issue Type: Bug
Components: Tag Library, Validation
Affects Versions: Release 1.4
Reporter: Andy
Assigned To: Tim Fennell
If a user enters an invalid value in a field that contains HTML characters and
the error message includes the value as a parameter (e.g. {0} is not a valid
{1}), then the HTML makes it into the page un-escaped.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mc4j.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
