Uploaded image for project: 'Tapestry 5'
  1. Tapestry 5
  2. TAP5-2179

The Select component can be hacked to select a value not in the SelectModel

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3, 5.4
    • Fix Version/s: 5.4
    • Component/s: tapestry-core
    • Labels:
      None

      Description

      Through 5.3, the Select component uses the SelectModel only for rendering. This means that a clever hacker could force through a selection of a value not intended by the programmer. The Select component should (optionally, but by default) validate that the selected value appears inside the SelectModel.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                hlship Howard M. Lewis Ship
                Reporter:
                hlship Howard M. Lewis Ship
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: