Thanks Ernesto Reinaldo for your suggestion. In the same context, I want to validate the user's input. Is there a proper/standard way to validate all Text Fields in a form? Currently IVisitor is used to iterate components in the form.
*Thanks And RegardsSibi.ArunachalammCruncher* On Fri, Oct 30, 2020 at 1:49 PM Arunachalam Sibisakkaravarthi < arunacha...@mcruncher.com> wrote: > Thanks Ernesto Reinaldo for your suggestion. > In the same context, I want to validate the user's input. > Is there a proper/standard way to validate all Text Fields in a form? > > > > *Thanks And RegardsSibi.ArunachalammCruncher* > > > On Wed, Oct 28, 2020 at 5:22 PM Ernesto Reinaldo Barreiro < > reier...@gmail.com> wrote: > >> Hi, >> >> If you want to make sure none of your developers use his/her fat fingers >> you might register at application level a >> IComponentOnBeforeRenderListener that >> checks/sets this to true. If you want to exclude some components you can >> create some annotation to mark components that are allowed to have this >> set >> to false. >> >> On Wed, Oct 28, 2020 at 8:57 AM Arunachalam Sibisakkaravarthi < >> arunacha...@mcruncher.com> wrote: >> >> > Thanks Maxim Solodovnik. >> > It took me a while to identify the problem. >> > Your reply helped me, in my case 'setEscapeModelStrings(false)' was set >> on >> > the feedback panel. >> > The problem is solved after removing it. >> > >> > >> > >> > >> > *Thanks And RegardsSibi.ArunachalammCruncher* >> > >> > >> > On Tue, Oct 27, 2020 at 9:01 AM Maxim Solodovnik <solomax...@gmail.com> >> > wrote: >> > >> > > You can completely disable inline scripts using strict CSP >> > > And of cause this is you who output the script entered to the page :) >> > > If it is done via Label just remove 'setEscapeModelStrings(false)' >> > > >> > > If you need to accept and display HTML input, you can 'sanitize' form >> > value >> > > >> > > from mobile (sorry for typos ;) >> > > >> > > >> > > On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi < >> > > arunacha...@mcruncher.com> wrote: >> > > >> > > > Hi guys, >> > > > JS script alert is displayed when user input <script>alert('xss >> > > > attacks')</script> and submit the form. How to handle this? >> Basically I >> > > > want to prevent Cross-Site-Scripting from user inputs. >> > > > Is it possible to do this globally since our Wicket Webapp is big? >> > > > I found the below post which is discussed in 2010. >> > > > Preventing-user-input-script-injection-attacks >> > > > < >> > > > >> > > >> > >> http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html >> > > > > >> > > > >> > > > >> > > > >> > > > *Thanks And RegardsSibi.ArunachalammCruncher* >> > > > >> > > >> > >> >> >> -- >> Regards - Ernesto Reinaldo Barreiro >> >