You can completely disable inline scripts using strict CSP
And of course it is you who outputs the entered script to the page :)
If it is done via Label, just remove 'setEscapeModelStrings(false)'.
If you need to accept and display HTML input, you can 'sanitize' form value
from mobile (sorry for ty
Hi guys,
A JS script alert is displayed when a user inputs alert('xss attacks') and submits the form. How do I handle this? Basically, I
want to prevent cross-site scripting from user inputs.
Is it possible to do this globally since our Wicket Webapp is big?
I found the below post, which was discussed in 2010
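
The two suggestions in the reply above, shown together as an added example (not code from the thread): an application-wide strict CSP and a `Label` left at its default escaping. The class names, component ids and two-file layout are hypothetical, and `getCspSettings()` assumes Wicket 9 or later.

```java
// DemoApplication.java (added example; names are hypothetical, assumes Wicket 9+)
import org.apache.wicket.Page;
import org.apache.wicket.protocol.http.WebApplication;

public class DemoApplication extends WebApplication {
    @Override
    public Class<? extends Page> getHomePage() {
        return CommentPage.class;
    }

    @Override
    protected void init() {
        super.init();
        // Global setting: with a strict blocking CSP the browser refuses to run
        // inline scripts that were injected into a rendered page.
        getCspSettings().blocking().strict();
    }
}

// CommentPage.java (its markup needs wicket:id="form", "comment" and "echo")
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;

public class CommentPage extends WebPage {
    private static final long serialVersionUID = 1L;

    public CommentPage() {
        IModel<String> comment = Model.of("");

        Form<Void> form = new Form<>("form");
        form.add(new TextField<>("comment", comment));
        add(form);

        // Label escapes its model string by default, so submitted markup is
        // written out as text (&lt;script&gt;...) rather than as a script element.
        Label echo = new Label("echo", comment);
        add(echo);

        // The call the reply says to remove; with it, user input is emitted raw:
        // echo.setEscapeModelStrings(false);
    }
}
```

To audit a large code base for the pattern, search for `setEscapeModelStrings(false)` and check whether each hit can ever render user-controlled data.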