[ https://issues.apache.org/jira/browse/WW-3047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart resolved WW-3047. ------------------------------- Resolution: Fixed Fix Version/s: 2.3 Patch applied, thanks! > doubleselect does not escape quotes in doublelist values > -------------------------------------------------------- > > Key: WW-3047 > URL: https://issues.apache.org/jira/browse/WW-3047 > Project: Struts 2 > Issue Type: Bug > Affects Versions: 2.0.14 > Environment: Tomcat 5.5.17, Windows XP SP2, Firefox 3.0.7 > Reporter: Lee Clemens > Assignee: Lukasz Lenart > Fix For: 2.3 > > Attachments: WW-3047.patch > > > Using: > <s:doubleselect name="priId" doubleName="subId" > list="mainList" doubleList="subList" > listKey="value" doubleListKey="value" > listValue="label" doubleListValue="label"/> > mainList is a class which contains getSubList(), which returns a list for the > second drop down. > Both Lists contain classes which contain getValue() and getLabel() methods. > A quoted value is properly escaped if from the 'list'; however, the > 'doublelist' values are not escaped: > Example of resultant HTML: > List is escaped: > <option value="abc">"quotedString"</option> > However, generated JavaScript for the doubleselect is not escaped: > FormName_doubleSelectFoo[123][0] = new Option(""quotedString"", "123"); > Which causes the second drop down box to only contain an empty option > (presumably from error in JavaScript). > I haven't tested this to ensure it escapes the Labels, however the same issue > may be present there. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira