Wicket
  1. Wicket
  2. WICKET-642

Need to escape select html option value

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.4, 1.2.5, 1.2.6, 1.3.0-beta1
    • Fix Version/s: 1.2.7, 1.3.0-rc1
    • Component/s: wicket
    • Labels:
      None
    • Environment:
      Any OS , tomcat server

      Description

      Versions affectec : My version of wicket is 1.2.4 .However it is present even in the trunk as well.

      Currently if option value contains double quotes in a dropdown choice,
      the value got on the server side is empty string.

      The method appendOptionHtml of AbstactChoice class does not
      escape markup for option values as it does for display values.

        Activity

        Hide
        Juergen Donnerstag added a comment -

        I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do.

        Juergen

        Show
        Juergen Donnerstag added a comment - I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do. Juergen
        Hide
        Eelco Hillenius added a comment -

        Assigned version (beta 4)

        Show
        Eelco Hillenius added a comment - Assigned version (beta 4)
        Hide
        Johan Compagner added a comment -

        call also escapeMarkup for the option value

        Show
        Johan Compagner added a comment - call also escapeMarkup for the option value
        Hide
        Martijn Dashorst added a comment -

        Should we fix this also in 1.2.x?

        Show
        Martijn Dashorst added a comment - Should we fix this also in 1.2.x?
        Hide
        Johan Compagner added a comment -

        you whiner.
        done.

        Show
        Johan Compagner added a comment - you whiner. done.
        Hide
        Martijn Dashorst added a comment -

        I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great)

        but THANKS!

        Show
        Martijn Dashorst added a comment - I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great) but THANKS!

          People

          • Assignee:
            Johan Compagner
            Reporter:
            swaroop belur
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development