Yes, model strings are escaped by default.

To turn it off when you need to inline markup, use setEscapeModelStrings(false).

-Igor


On 10/13/06, craigdd <[EMAIL PROTECTED]> wrote:

Does Wicket handle cross-site scripting out of the box? Meaning, if I were
to enter the string <h1>Hello World</h1> into a textarea of a form and then
submit that form, would that same string reappear in a confirmation page
correctly?

If this function isn't provided out of the box, are there hooks into the
framework so an application could seamlessly decode request parameters and
encode values when rendering the page?
--
View this message in context: http://www.nabble.com/Wicket-and-Cross-site-scripting-tf2439677.html#a6803097
Sent from the Wicket - User mailing list archive at Nabble.com.


_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
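
The behaviour described in the reply, as an added example that is not part of the original thread or the Wicket project's own code: it renders the string from the question through a Label with default escaping, with escaping turned off, and with escaping turned off but the user-supplied part escaped by hand. It assumes a current Apache Wicket release (org.apache.wicket packages, wicket-core and the servlet API on the classpath); the class name, component id and render helper are hypothetical.

```java
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.util.string.Strings;
import org.apache.wicket.util.tester.WicketTester;

public class EscapeModelStringsDemo {
    // Constructed input: the string from the question, as a user might submit it.
    static final String SUBMITTED = "<h1>Hello World</h1>";

    // Render one Label inside a throwaway test page and return the response HTML.
    static String render(WicketTester tester, Label label) {
        tester.startComponentInPage(label);
        return tester.getLastResponseAsString();
    }

    public static void main(String[] args) {
        WicketTester tester = new WicketTester();
        try {
            // Default: the model string is HTML-escaped, so the browser shows
            // the literal text instead of interpreting it as markup.
            Label escaped = new Label("msg", SUBMITTED);
            System.out.println("default escaping:\n" + render(tester, escaped));

            // Escaping off: the model string is written to the page as-is.
            // Only appropriate when the value is markup the application built itself.
            Label raw = new Label("msg", SUBMITTED);
            raw.setEscapeModelStrings(false);
            System.out.println("escaping off:\n" + render(tester, raw));

            // Inlining trusted markup around user input: turn escaping off for
            // the component, but escape the user-supplied part explicitly.
            String html = "<strong>" + Strings.escapeMarkup(SUBMITTED) + "</strong>";
            Label mixed = new Label("msg", html);
            mixed.setEscapeModelStrings(false);
            System.out.println("trusted markup, escaped input:\n" + render(tester, mixed));
        } finally {
            tester.destroy();
        }
    }
}
```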
