Markup escaping of the title and summary label in org.apache.wicket.extensions.wizard.WizardStep are disabled by default. This fact is not documented, an therefore there could be some security risk, when their Models are generated from user input.
An improvement would be to enable markup escaping and let the user disable this on demand.
|Transition||Time In Source Status||Execution Times||Last Executer||Last Execution Date|
|186d 4h 57m||1||Sven Meier||15/May/12 19:12|
|Field||Original Value||New Value|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Assignee||Sven Meier [ svenmeier ]|
|Fix Version/s||6.0.0-beta2 [ 12320343 ]|
|Resolution||Fixed [ 1 ]|