If a user has entered some HTML in a TextField or TextArea<String> when I do not want HTML to be entered, what is a good way to prevent this?
Currently, I store the offending strings and then render them using a Label or MultiLineLabel, but for neither component does Component.setEscapeModelStrings(true); have an effect (presumably since this setting is already true by default). Am I condemned to coding a method to examine the models of my TextField and TextArea<String> components at form-submission-time and remove any HTML code manually?

Any comments would be appreciated,
Ian
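
The two options the question weighs, rejecting markup at submission time versus relying on escaped output, sketched in plain Java as an added example (not part of the original post and not Wicket code). The class and method names are hypothetical and the sample inputs are constructed.

```java
import java.util.regex.Pattern;

// Added example: plain Java, no Wicket dependency. Names are hypothetical.
public class MarkupInputCheck {

    // Matches text shaped like a tag or comment: "<b>", "</script>", "< img src=x>", "<!--".
    // Ordinary comparisons such as "3 < 5" do not match.
    private static final Pattern TAG_LIKE =
        Pattern.compile("<\\s*(/?\\s*[A-Za-z][^>]*>|!--)");

    /** Submit-time check: true if the value looks like it contains markup. */
    static boolean containsMarkup(String value) {
        return value != null && TAG_LIKE.matcher(value).find();
    }

    /** Render-time defence: encode every character that is significant in HTML. */
    static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the post.
        String[] samples = {
            "Ian's note: 3 < 5 & 7 > 2",     // plain text, must be accepted
            "<b>bold</b>",                   // simple formatting tag
            "<script>alert(1)</script>",     // script element
            "< img src=x>",                  // whitespace after '<'
            "unterminated <a href="          // no closing '>': the pattern misses it
        };
        for (String s : samples) {
            System.out.printf("%-6s %s%n       rendered as: %s%n",
                containsMarkup(s) ? "REJECT" : "accept", s, escapeHtml(s));
        }
    }
}
```

The last sample passes the tag check yet is still rendered inert by the escaping step, so escaped output is the control to rely on and the submit-time check serves only to give the user early feedback.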