Wicket
  1. Wicket
  2. WICKET-642

Need to escape select html option value

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.4, 1.2.5, 1.2.6, 1.3.0-beta1
    • Fix Version/s: 1.2.7, 1.3.0-rc1
    • Component/s: wicket
    • Labels:
      None
    • Environment:
      Any OS , tomcat server

      Description

      Versions affectec : My version of wicket is 1.2.4 .However it is present even in the trunk as well.

      Currently if option value contains double quotes in a dropdown choice,
      the value got on the server side is empty string.

      The method appendOptionHtml of AbstactChoice class does not
      escape markup for option values as it does for display values.

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        139d 13h 13m 1 Johan Compagner 30/Oct/07 19:17
        Hide
        Martijn Dashorst added a comment -

        I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great)

        but THANKS!

        Show
        Martijn Dashorst added a comment - I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great) but THANKS!
        Martijn Dashorst made changes -
        Fix Version/s 1.2.7 [ 12312468 ]
        Hide
        Johan Compagner added a comment -

        you whiner.
        done.

        Show
        Johan Compagner added a comment - you whiner. done.
        Hide
        Martijn Dashorst added a comment -

        Should we fix this also in 1.2.x?

        Show
        Martijn Dashorst added a comment - Should we fix this also in 1.2.x?
        Johan Compagner made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Johan Compagner added a comment -

        call also escapeMarkup for the option value

        Show
        Johan Compagner added a comment - call also escapeMarkup for the option value
        Eelco Hillenius made changes -
        Fix Version/s 1.3.0-beta5 [ 12312818 ]
        Hide
        Eelco Hillenius added a comment -

        Assigned version (beta 4)

        Show
        Eelco Hillenius added a comment - Assigned version (beta 4)
        Juergen Donnerstag made changes -
        Field Original Value New Value
        Assignee Johan Compagner [ jcompagner ]
        Hide
        Juergen Donnerstag added a comment -

        I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do.

        Juergen

        Show
        Juergen Donnerstag added a comment - I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do. Juergen
        swaroop belur created issue -

          People

          • Assignee:
            Johan Compagner
            Reporter:
            swaroop belur
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development