Hi,
I have built several forms using Wicket. Just out of curiosity I tried
to enter the following line into a text field:
"><script>alert('Soylent Green Is People');</script test="
When I reload the form, the JavaScript code gets executed. Shouldn't
such special characters be converted to HTML entities when the page gets
parsed? (You know &lt; instead of < and so forth)
Cheers,
Johannes.
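
The behaviour asked about above, as an added example that is not part of the original post and is not Wicket's own code: the submitted value is written back into a `value="..."` attribute once as-is and once with HTML entities. `renderField`, `escapeHtml` and the field name `comment` are hypothetical names chosen for illustration.

```java
public class AttributeEscapeDemo {

    // Encode the characters that can close an attribute value or open a tag.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical renderer: writes a previously submitted value back into
    // the text field when the form is displayed again.
    static String renderField(String name, String value, boolean escape) {
        String v = escape ? escapeHtml(value) : value;
        return "<input type=\"text\" name=\"" + name + "\" value=\"" + v + "\"/>";
    }

    public static void main(String[] args) {
        // The value from the post above.
        String submitted =
            "\"><script>alert('Soylent Green Is People');</script test=\"";

        String raw = renderField("comment", submitted, false);
        String safe = renderField("comment", submitted, true);

        // Unescaped: the leading "> closes the attribute and the tag, so the
        // browser parses a real <script> element after the input.
        System.out.println("unescaped: " + raw);
        // Escaped: the whole string stays inside the attribute value as text.
        System.out.println("escaped:   " + safe);

        System.out.println("script tag in unescaped markup: " + raw.contains("<script>"));
        System.out.println("script tag in escaped markup:   " + safe.contains("<script>"));
    }
}
```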