x = 6 < 7 & 10 > 5
as text in my model it gets encoded into HTML? (And that's what I see?)
That is something I don't want.
The problem you describe is, I think, the " at the beginning that makes it all possible,
(else it was just a text value of the value attribute)
johan
On 11/24/05, Johannes Fahrenkrug <[EMAIL PROTECTED]> wrote:
Hi,
I have built several forms using Wicket. Just out of curiosity I tried
to enter the following line into a text field:
"><script>alert('Soylent Green Is People');</script test="
When I reload the form, the JavaScript code gets executed. Shouldn't
such special characters be converted to HTML entities when the page gets
parsed? (You know &lt; instead of < and so forth)
Cheers,
Johannes.
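
Added example, not part of either message and not Wicket code: a language-neutral Python sketch that renders the string from the post into a `value="..."` attribute with three escaping policies and reports what an HTML parser then sees. The `render` helper and the field name `q` are hypothetical stand-ins for a framework writing a text field's model value.

```python
from html import escape
from html.parser import HTMLParser

# The string typed into the text field in the post above.
PAYLOAD = "\"><script>alert('Soylent Green Is People');</script test=\""


class Probe(HTMLParser):
    """Records the start tags and the input's value as a parser sees them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def render(user_text, escaper):
    # Hypothetical stand-in for a framework emitting a text field.
    return '<input type="text" name="q" value="%s">' % escaper(user_text)


def inspect(user_text, escaper):
    # Returns (start tags seen, value attribute as parsed back).
    probe = Probe()
    probe.feed(render(user_text, escaper))
    probe.close()
    return probe.tags, probe.value


def text_only(s):
    # Escapes & < > but leaves the double quote alone.
    return escape(s, quote=False)


def attribute_safe(s):
    # Escapes & < > " ' so the text cannot end the quoted attribute.
    return escape(s, quote=True)


if __name__ == "__main__":
    policies = [("none", str), ("text_only", text_only),
                ("attribute_safe", attribute_safe)]
    for name, esc in policies:
        print(name, inspect(PAYLOAD, esc))
```

Only the policy that also escapes the double quote returns the field's text unchanged as the parsed `value`; with `<`, `>` and `&` escaped but the quote left alone, no script element appears, yet the attribute still ends early and the entered text is lost.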
