[WICKET-6155] Newline in ModalWindow title - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.2.0, 8.0.0-M1, 6.22.0
Fix Version/s: 8.0.0-M1, 6.23.0, 7.4.0
Component/s: wicket-extensions
Labels:
None

Description

Setting a newline (\n) in the title of ModalWindow crashes, because the newline is used unescaped in JavaScript (only HTML is escaped) and breaks the generated string literal.

Reproduction steps:

Create the modal-window example project.
Change the title:

add(modal1 = new ModalWindow("modal1"));
modal1.setTitle("modal title\n with newline");

Start the application and open the modal window.

Exception evaluating javascript: SyntaxError: unterminated string literal, text: (function(){var settings = new Object();
...
settings.cookieId="modal-1";
settings.title="modal title
with newline";
...

Note that the newline ends up unescaped. The string literal generation code is in getWindowOpenJavaScript#getWindowOpenJavaScript()

String title = getTitle() != null ? getTitle().getObject() : null;
if (title != null)

{ String escaped = getDefaultModelObjectAsString(title); appendAssignment(buffer, "settings.title", escaped); }

getDefaultModelObjectAsString does escape HTML (if flag is set), but does not escape the JavaScript.

Perhaps #appendAssignment() should escape the value?

Same for the characters \ and \r

Attachments

Issue Links

causes

WICKET-6613 Wicket 8.1 ModalWindow autosizing problem

Resolved

Activity

People

Assignee:: Sven Meier

Reporter:: Ramon van Sparrentak

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/May/16 12:17

Updated:: 29/Aug/19 18:01

Resolved:: 20/May/16 17:26