[
https://issues.apache.org/jira/browse/WICKET-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Philippe Boudreault updated WICKET-4505:
---------------------------------------------
Attachment: screenshot-1.jpg
> AbstractTextComponent not escaping html data by default therefore user text
> is not redisplayed correctly
> --------------------------------------------------------------------------------------------------------
>
> Key: WICKET-4505
> URL: https://issues.apache.org/jira/browse/WICKET-4505
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.5
> Reporter: Jean-Philippe Boudreault
> Attachments: screenshot-1.jpg
>
>
> User input is not escaped in all text fields by default
> This leads to user entered text not being redisplayed correctly and it also
> makes those text fields vulnerable to XSS.
> * You can replicate using the project from WICKET-3330.
> * Just enter the text my½companyname and press enter
> * The field will not redisplay the text entered properly
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
