[jira] Created: (WW-3246) Optgroup FTL template desn't escape HTML

Xavi Arias (JIRA) Tue, 15 Sep 2009 03:19:32 -0700

Optgroup FTL template desn't escape HTML
----------------------------------------


                 Key: WW-3246
                 URL: https://issues.apache.org/struts/browse/WW-3246
             Project: Struts 2
          Issue Type: Bug
          Components: Other
    Affects Versions: 2.1.6
            Reporter: Xavi Arias
            Priority: Minor


The actual code of optgroup.ftl in the simple theme renders ${tmpKeyStr}, 
should not be ${tmpKeyStr?html} as in select tags?

<#assign tmpKey=stack.findValue(optGroupInternalListUiBean.parameters.listKey) 
/>
        <#assign 
tmpValue=stack.findValue(optGroupInternalListUiBean.parameters.listValue) />
        <#assign tmpKeyStr = tmpKey.toString() />
        <option value="${tmpKeyStr}"
        <#if tag.contains(parameters.nameValue, tmpKeyStr) == true>
        selected="selected"
        </#if>
        >${tmpValue}
        </option>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (WW-3246) Optgroup FTL template desn't escape HTML

Reply via email to