But the methods escape or escapeHTML do not work in this case. I am working
on that bug.
Do I have to recreate a new JIRA?
Emmanuel
https://issues.apache.org/jira/browse/TAP5-1057
Please file an issue in JIRA; a patch is most welcome!
2010/3/17 françois facon:
> Hello
>
> The calendar component provided in tapestry 5.1.0.5 could be used to allow
> code injection by malicious web users into any page that uses datefield.
>
> To reproduce the vulnerability, put js code like
Hello
The calendar component provided in tapestry 5.1.0.5 could be used to allow
code injection by malicious web users into any page that uses datefield.
To reproduce the vulnerability, put js code like alert("T5 is
great"); in any datefield and click on the related calendar bitma
After quic