[ https://issues.apache.org/jira/browse/WICKET-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Philippe Boudreault updated WICKET-4505:
---------------------------------------------

    Attachment: screenshot-1.jpg

> AbstractTextComponent not escaping html data by default therefore user text
> is not redisplayed correctly
> ---------------------------------------------------------------------------
>
>                 Key: WICKET-4505
>                 URL: https://issues.apache.org/jira/browse/WICKET-4505
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.5
>            Reporter: Jean-Philippe Boudreault
>         Attachments: screenshot-1.jpg
>
>
> User input is not escaped in all text fields by default
> This leads to user entered text not being redisplayed correctly and it also
> makes those text fields vulnerable to XSS.
> * You can replicate using the project from WICKET-3330.
> * Just enter the text my½companyname and press enter
> * The field will not redisplay the text entered properly