[ https://issues.apache.org/jira/browse/WICKET-642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juergen Donnerstag reassigned WICKET-642: ----------------------------------------- Assignee: Johan Compagner I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do. Juergen > Need to escape select html option value > --------------------------------------- > > Key: WICKET-642 > URL: https://issues.apache.org/jira/browse/WICKET-642 > Project: Wicket > Issue Type: Bug > Components: wicket > Affects Versions: 1.2.4, 1.2.5, 1.2.6, 1.3.0-beta1 > Environment: Any OS , tomcat server > Reporter: swaroop belur > Assignee: Johan Compagner > > Versions affectec : My version of wicket is 1.2.4 .However it is present > even in the trunk as well. > Currently if option value contains double quotes in a dropdown choice, > the value got on the server side is empty string. > The method appendOptionHtml of AbstactChoice class does not > escape markup for option values as it does for display values. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.