struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (Assigned) (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (WW-3047) doubleselect does not escape quotes in doublelist values
Date Mon, 10 Oct 2011 17:42:29 GMT

     [ https://issues.apache.org/jira/browse/WW-3047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart reassigned WW-3047:
---------------------------------

    Assignee: Lukasz Lenart
    
> doubleselect does not escape quotes in doublelist values
> --------------------------------------------------------
>
>                 Key: WW-3047
>                 URL: https://issues.apache.org/jira/browse/WW-3047
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.0.14
>         Environment: Tomcat 5.5.17, Windows XP SP2, Firefox 3.0.7
>            Reporter: Lee Clemens
>            Assignee: Lukasz Lenart
>         Attachments: WW-3047.patch
>
>
> Using:
> <s:doubleselect name="priId" doubleName="subId"
>                         list="mainList" doubleList="subList"
>                         listKey="value" doubleListKey="value"
>                         listValue="label" doubleListValue="label"/>
> mainList is a class which contains getSubList(), which returns a list for the second
drop down.
> Both Lists contain classes which contain getValue() and getLabel() methods.
> A quoted value is properly escaped if from the 'list'; however, the 'doublelist' values
are not escaped:
> Example of resultant HTML:
> List is escaped:
> <option value="abc">&quot;quotedString&quot;</option>
> However, generated JavaScript for the doubleselect is not escaped:
> FormName_doubleSelectFoo[123][0] = new Option(""quotedString"", "123");
> Which causes the second drop down box to only contain an empty option (presumably from
error in JavaScript).
> I haven't tested this to ensure it escapes the Labels, however the same issue may be
present there.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message