Thanks Ernesto Reinaldo for your suggestion.
In the same context, I want to validate the user's input.
Is there a proper/standard way to validate all Text Fields in a form?
Currently IVisitor is used to iterate components in the form.
*Thanks And RegardsSibi.ArunachalammCruncher*
On Fri, Oct 30, 2020 at 1:49 PM Arunachalam Sibisakkaravarthi <
arunacha...@mcruncher.com> wrote:
> Thanks Ernesto Reinaldo for your suggestion.
> In the same context, I want to validate the user's input.
> Is there a proper/standard way to validate all Text Fields in a form?
>
>
>
> *Thanks And RegardsSibi.ArunachalammCruncher*
>
>
> On Wed, Oct 28, 2020 at 5:22 PM Ernesto Reinaldo Barreiro <
> reier...@gmail.com> wrote:
>
>> Hi,
>>
>> If you want to make sure none of your developers use his/her fat fingers
>> you might register at application level a
>> IComponentOnBeforeRenderListener that
>> checks/sets this to true. If you want to exclude some components you can
>> create some annotation to mark components that are allowed to have this
>> set
>> to false.
>>
>> On Wed, Oct 28, 2020 at 8:57 AM Arunachalam Sibisakkaravarthi <
>> arunacha...@mcruncher.com> wrote:
>>
>> > Thanks Maxim Solodovnik.
>> > It took me a while to identify the problem.
>> > Your reply helped me, in my case 'setEscapeModelStrings(false)' was set
>> on
>> > the feedback panel.
>> > The problem is solved after removing it.
>> >
>> >
>> >
>> >
>> > *Thanks And RegardsSibi.ArunachalammCruncher*
>> >
>> >
>> > On Tue, Oct 27, 2020 at 9:01 AM Maxim Solodovnik <solomax...@gmail.com>
>> > wrote:
>> >
>> > > You can completely disable inline scripts using strict CSP
>> > > And of cause this is you who output the script entered to the page :)
>> > > If it is done via Label just remove 'setEscapeModelStrings(false)'
>> > >
>> > > If you need to accept and display HTML input, you can 'sanitize' form
>> > value
>> > >
>> > > from mobile (sorry for typos ;)
>> > >
>> > >
>> > > On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi <
>> > > arunacha...@mcruncher.com> wrote:
>> > >
>> > > > Hi guys,
>> > > > JS script alert is displayed when user input <script>alert('xss
>> > > > attacks')</script> and submit the form. How to handle this?
>> Basically I
>> > > > want to prevent Cross-Site-Scripting from user inputs.
>> > > > Is it possible to do this globally since our Wicket Webapp is big?
>> > > > I found the below post which is discussed in 2010.
>> > > > Preventing-user-input-script-injection-attacks
>> > > > <
>> > > >
>> > >
>> >
>> http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html
>> > > > >
>> > > >
>> > > >
>> > > >
>> > > > *Thanks And RegardsSibi.ArunachalammCruncher*
>> > > >
>> > >
>> >
>>
>>
>> --
>> Regards - Ernesto Reinaldo Barreiro
>>
>
