Re: [Wicket-user] markup in Label

Sat, 29 Apr 2006 11:09:07 -0700 

Good point, thanks!

On 4/29/06, Martijn Dashorst <[EMAIL PROTECTED]> wrote:

The current default is the most safe option. It provides a first guard
against javascript injections to your markup if you have an input that takes
some text, and that will be presented to your users.

It is a conscious decision on your part whether to allow those things.

Martijn


On 4/29/06, Vincent Jenks <[EMAIL PROTECTED]> wrote:
> Excellent, thank you!  I looked at the javadoc but must have passed
> right over that method...too easy!
>
> However, I suppose I would have intuitively expected it to be exactly
> the opposite.  I guess I expected that if I wanted to escape markup, I
> should set it, otherwise it would be rendered.
>
> Anyhow, thanks again.
>
> On 4/29/06, Martijn Dashorst <[EMAIL PROTECTED]> wrote:
> > I was just writing that part of Wicket in Action, so I'll just
copy/paste...
> >
> >
> > You can tell Wicket not to escape the contents by setting a flag on the
> > component. Take a look at the next Java snippet:
> > add(new Label("markup", "<h1>Hello!</h1>")
> >         .setEscapeModelStrings(false));
> >
> > The call to setEscapeModelStrings tells Wicket not to escape the
contents of
> > the provided string, and just render the contents into the resulting
markup.
> >
> >
> > Martijn
> >
> >
> >
> > On 4/29/06, Vincent Jenks <[EMAIL PROTECTED]> wrote:
> > >
> >  How do I prevent HTML markup from being converted to literal values,
> > i.e. "<" converted to "&lt;" when rendering a Label?
> >
> > I'm using the xinha editor on a TextArea and once the user submits the
> > form there is HTML mixed into the value of the widget.  When I pull up
> > the data on a page w/ a Label, I'm able to see the tags and not the
> > actual markup being rendered in the browser.
> >
> > Thanks!
> >
> >
> > -------------------------------------------------------
> >
> > Using Tomcat but need to do more? Need to support web services,
security?
> > Get stuff done quickly with pre-integrated technology to make your job
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
> >
http://sel.as-us.falkag.net/sel?cmdlnk&kid0709&bid&3057&dat1642
> > _______________________________________________
> > Wicket-user mailing list
> > [email protected]
> >
https://lists.sourceforge.net/lists/listinfo/wicket-user
> >
> >
> >
> >
> > --
> > Wicket 1.2 is coming! Write Ajax applications without touching
JavaScript!
> > -- http://wicketframework.org
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>
http://sel.as-us.falkag.net/sel?cmdlnk&kid0709&bid&3057&dat1642
> _______________________________________________
> Wicket-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/wicket-user
>



--
Wicket 1.2 is coming! Write Ajax applications without touching JavaScript!
-- http://wicketframework.org



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user

Reply via email to