Wicket
  1. Wicket
  2. WICKET-642

Need to escape select html option value

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.4, 1.2.5, 1.2.6, 1.3.0-beta1
    • Fix Version/s: 1.2.7, 1.3.0-rc1
    • Component/s: wicket
    • Labels:
      None
    • Environment:
      Any OS , tomcat server

      Description

      Versions affectec : My version of wicket is 1.2.4 .However it is present even in the trunk as well.

      Currently if option value contains double quotes in a dropdown choice,
      the value got on the server side is empty string.

      The method appendOptionHtml of AbstactChoice class does not
      escape markup for option values as it does for display values.

        Activity

        swaroop belur created issue -
        Hide
        Juergen Donnerstag added a comment -

        I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do.

        Juergen

        Show
        Juergen Donnerstag added a comment - I tend to agree that all data put into the markup output by Wicket should be HTML escaped by default. I would change ChoiceRenderer.getIdValue() to escape the return value. But I guess it is Johan who knows more about than I do. Juergen
        Juergen Donnerstag made changes -
        Field Original Value New Value
        Assignee Johan Compagner [ jcompagner ]
        Hide
        Eelco Hillenius added a comment -

        Assigned version (beta 4)

        Show
        Eelco Hillenius added a comment - Assigned version (beta 4)
        Eelco Hillenius made changes -
        Fix Version/s 1.3.0-beta5 [ 12312818 ]
        Hide
        Johan Compagner added a comment -

        call also escapeMarkup for the option value

        Show
        Johan Compagner added a comment - call also escapeMarkup for the option value
        Johan Compagner made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Martijn Dashorst added a comment -

        Should we fix this also in 1.2.x?

        Show
        Martijn Dashorst added a comment - Should we fix this also in 1.2.x?
        Hide
        Johan Compagner added a comment -

        you whiner.
        done.

        Show
        Johan Compagner added a comment - you whiner. done.
        Martijn Dashorst made changes -
        Fix Version/s 1.2.7 [ 12312468 ]
        Hide
        Martijn Dashorst added a comment -

        I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great)

        but THANKS!

        Show
        Martijn Dashorst added a comment - I wasn't whining, just wondering if it were a great idea to patch it on 1.2.x too. Fortunately you took it that way, and implemented it. Now the 1.2.7 guys have this too (however, that is one reason less to move to 1.3, which is not so great) but THANKS!
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        139d 13h 13m 1 Johan Compagner 30/Oct/07 19:17

          People

          • Assignee:
            Johan Compagner
            Reporter:
            swaroop belur
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development