Thanks Maxim Solodovnik. It took me a while to identify the problem. Your reply helped me; in my case 'setEscapeModelStrings(false)' was set on the feedback panel. The problem is solved after removing it.

*Thanks And Regards*
*Sibi.Arunachalam*
*mCruncher*

On Tue, Oct 27, 2020 at 9:01 AM Maxim Solodovnik <solomax...@gmail.com> wrote:

> You can completely disable inline scripts using strict CSP
> And of course this is you who output the script entered to the page :)
> If it is done via Label just remove 'setEscapeModelStrings(false)'
>
> If you need to accept and display HTML input, you can 'sanitize' form value
>
> from mobile (sorry for typos ;)
>
> On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi <arunacha...@mcruncher.com> wrote:
>
> > Hi guys,
> > JS script alert is displayed when user input <script>alert('xss attacks')</script> and submit the form. How to handle this? Basically I want to prevent Cross-Site-Scripting from user inputs.
> > Is it possible to do this globally since our Wicket Webapp is big?
> > I found the below post which is discussed in 2010.
> > Preventing-user-input-script-injection-attacks
> > <http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html>
> >
> > *Thanks And Regards*
> > *Sibi.Arunachalam*
> > *mCruncher*
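
The two measures from this thread, escaped feedback messages and a strict CSP, shown as an added example that is not part of the original messages or of the poster's application. It assumes Wicket 9 or later on the classpath; `LookupPage`, `DemoApplication` and the `wicket:id` names are hypothetical, and the listing shows two source files.

```java
// Added example; class names and wicket:id values are hypothetical.

// --- LookupPage.java (markup needs wicket:id="feedback", "form", "name") ---
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.model.Model;

public class LookupPage extends WebPage {
    public LookupPage() {
        FeedbackPanel feedback = new FeedbackPanel("feedback");
        // Before the fix: feedback.setEscapeModelStrings(false);
        // That renders message text as raw markup, so user input echoed in
        // an error message reaches the browser as HTML.
        // After the fix: keep the default (true). '<' and '>' are written
        // as &lt; and &gt;, and the input is displayed as plain text.
        add(feedback);

        TextField<String> name = new TextField<>("name", Model.of(""));
        Form<Void> form = new Form<Void>("form") {
            @Override
            protected void onSubmit() {
                // This message echoes user input, so its escaping matters.
                error("No such user: " + name.getModelObject());
            }
        };
        form.add(name);
        add(form);
    }
}

// --- DemoApplication.java ---
import org.apache.wicket.Page;
import org.apache.wicket.protocol.http.WebApplication;

public class DemoApplication extends WebApplication {
    @Override
    public Class<? extends Page> getHomePage() {
        return LookupPage.class;
    }

    @Override
    protected void init() {
        super.init();
        // Application-wide second layer: a strict CSP blocks inline
        // scripts that do not carry the per-request nonce.
        getCspSettings().blocking().strict();
    }
}
```

Because escaping is the component default, a search of the code base for `setEscapeModelStrings(false)` lists every place where it has been switched off.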