Hi! I think there are libraries that can provide you with scripting detection or escaping...
However, "I do not want HTML to be entered" is quite a vague rule. Even plain alphabets are html.

**
Martin

2010/11/25 Ian Marshall <[email protected]>:
>
> If a user has entered some HTML in a TextField or TextArea<String> when I do
> not want HTML to be entered, what is a good way to prevent this?
>
> Currently, I store the offending strings and then render them using a Label
> or MultiLineLabel, but for neither component does
>
> Component.setEscapeModelStrings(true);
>
> have an effect (presumably since this setting is already true by default).
>
> Am I condemned to coding a method to examine the models of my TextField and
> TextArea<String> components at form-submission-time and remove any HTML code
> manually?
>
> Any comments would be appreciated,
>
> Ian
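
An added example, not part of the thread and not Wicket's own code: plain Java contrasting the two options discussed above, rejecting markup characters at form-submission time and escaping stored text at render time. The class name, method names and the reject rule are assumptions, and the sample inputs are constructed.

```java
import java.util.List;

public class MarkupInputCheck {

    /** Submit-time policy (an assumption): reject any value containing '<', '>' or '&'. */
    static boolean containsMarkupChars(String input) {
        if (input == null) {
            return false;
        }
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (c == '<' || c == '>' || c == '&') {
                return true;
            }
        }
        return false;
    }

    /** Render-time escaping: the stored text is shown literally instead of being parsed as HTML. */
    static String escapeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample submissions, not taken from the thread.
        List<String> samples = List.of(
            "plain alphabets", "<b>bold</b>", "1 < 2", "Tom & Jerry");
        for (String s : samples) {
            System.out.printf("%-16s rejected=%-5b rendered=%s%n",
                s, containsMarkupChars(s), escapeForHtml(s));
        }
    }
}
```

The last two samples are ordinary text that the strict submit-time rule rejects, while render-time escaping displays all four safely without refusing any input.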
