Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.14
-
None
-
None
-
Tomcat 5.5.17, Windows XP SP2, Firefox 3.0.7
Description
Using:
<s:doubleselect name="priId" doubleName="subId"
list="mainList" doubleList="subList"
listKey="value" doubleListKey="value"
listValue="label" doubleListValue="label"/>
mainList is a class which contains getSubList(), which returns a list for the second drop down.
Both Lists contain classes which contain getValue() and getLabel() methods.
A quoted value is properly escaped if from the 'list'; however, the 'doublelist' values are not escaped:
Example of resultant HTML:
List is escaped:
<option value="abc">"quotedString"</option>
However, generated JavaScript for the doubleselect is not escaped:
FormName_doubleSelectFoo[123][0] = new Option(""quotedString"", "123");
Which causes the second drop down box to only contain an empty option (presumably from error in JavaScript).
I haven't tested this to ensure it escapes the Labels, however the same issue may be present there.
Attachments
Attachments
Issue Links
- depends upon
-
WW-2750 JavaScript errors due to hyphens in action names
- Closed