Thanks Maxim Solodovnik.
It took me a while to identify the problem.
Your reply helped me; in my case 'setEscapeModelStrings(false)' was set on
the feedback panel.
The problem is solved after removing it.




*Thanks And Regards*
*Sibi.Arunachalam*
*mCruncher*


On Tue, Oct 27, 2020 at 9:01 AM Maxim Solodovnik <solomax...@gmail.com>
wrote:

> You can completely disable inline scripts using strict CSP.
> And of course it is you who outputs the entered script to the page :)
> If it is done via Label, just remove 'setEscapeModelStrings(false)'.
>
> If you need to accept and display HTML input, you can 'sanitize' the form value.
>
> from mobile (sorry for typos ;)
>
>
> On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi <
> arunacha...@mcruncher.com> wrote:
>
> > Hi guys,
> > A JS script alert is displayed when a user inputs
> > <script>alert('xss attacks')</script> and submits the form. How to handle
> > this? Basically I want to prevent Cross-Site-Scripting from user inputs.
> > Is it possible to do this globally since our Wicket Webapp is big?
> > I found the below post which was discussed in 2010.
> > Preventing-user-input-script-injection-attacks
> > <http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html>
> >
> >
> >
> > *Thanks And Regards*
> > *Sibi.Arunachalam*
> > *mCruncher*
> >
>
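
One way to approach the "globally" part of the question, as an added example that is not part of this thread or of Wicket's own code: Wicket escapes model strings by default, so an application-wide listener can find the components that opted out with 'setEscapeModelStrings(false)'. The class name EscapeAuditListener, the allow-list of reviewed classes and the enforce switch are assumptions made for this sketch.

```java
import java.util.Set;

import org.apache.wicket.Component;
import org.apache.wicket.application.IComponentInitializationListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Added example (hypothetical class, not Wicket's own code).
 * Register once in WebApplication#init():
 *   getComponentInitializationListeners().add(new EscapeAuditListener(reviewed, true));
 */
public class EscapeAuditListener implements IComponentInitializationListener {

    private static final Logger LOG = LoggerFactory.getLogger(EscapeAuditListener.class);

    // Component classes reviewed to render only sanitized HTML (assumption: you keep this list).
    private final Set<Class<? extends Component>> reviewed;
    // true: turn escaping back on for unreviewed components; false: only log them.
    private final boolean enforce;

    public EscapeAuditListener(Set<Class<? extends Component>> reviewed, boolean enforce) {
        this.reviewed = reviewed;
        this.enforce = enforce;
    }

    @Override
    public void onInitialize(Component component) {
        // Escaping is on by default, so false here means someone called
        // setEscapeModelStrings(false) before the component was initialized.
        if (component.getEscapeModelStrings() || reviewed.contains(component.getClass())) {
            return;
        }
        LOG.warn("Markup escaping disabled on {} (id '{}')",
                component.getClass().getName(), component.getId());
        if (enforce) {
            // A FeedbackPanel hands its own setting to the labels it creates for
            // each message, so re-enabling it here also covers those labels.
            component.setEscapeModelStrings(true);
        }
    }
    // Limitation: a flag flipped after initialization is not seen by this listener.
}
```

Running it with enforce set to false first gives a log of every opt-out in a large application before any rendering behaviour changes.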
