Uploaded image for project: 'Tapestry 5'
  1. Tapestry 5
  2. TAP5-2179

The Select component can be hacked to select a value not in the SelectModel

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 5.3, 5.4
    • 5.4
    • tapestry-core
    • None

    Description

      Through 5.3, the Select component uses the SelectModel only for rendering. This means that a clever hacker could force through a selection of a value not intended by the programmer. The Select component should (optionally, but by default) validate that the selected value appears inside the SelectModel.

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. TAP5-2245 select component: selected option is not listed in the model.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              hlship Howard Lewis Ship
              hlship Howard Lewis Ship
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: