From issues-return-16518-apmail-struts-issues-archive=struts.apache.org@struts.apache.org Mon Oct 10 17:42:51 2011 Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 96E74729B for ; Mon, 10 Oct 2011 17:42:51 +0000 (UTC) Received: (qmail 75643 invoked by uid 500); 10 Oct 2011 17:42:51 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 75616 invoked by uid 500); 10 Oct 2011 17:42:51 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 75607 invoked by uid 99); 10 Oct 2011 17:42:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Oct 2011 17:42:51 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD,WEIRD_QUOTING X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Oct 2011 17:42:50 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id E777A301B76 for ; Mon, 10 Oct 2011 17:42:29 +0000 (UTC) Date: Mon, 10 Oct 2011 17:42:29 +0000 (UTC) From: "Lukasz Lenart (Assigned) (JIRA)" To: issues@struts.apache.org Message-ID: <1325509582.15587.1318268549949.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Assigned] (WW-3047) doubleselect does not escape quotes in doublelist values MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-3047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart reassigned WW-3047: --------------------------------- Assignee: Lukasz Lenart > doubleselect does not escape quotes in doublelist values > -------------------------------------------------------- > > Key: WW-3047 > URL: https://issues.apache.org/jira/browse/WW-3047 > Project: Struts 2 > Issue Type: Bug > Affects Versions: 2.0.14 > Environment: Tomcat 5.5.17, Windows XP SP2, Firefox 3.0.7 > Reporter: Lee Clemens > Assignee: Lukasz Lenart > Attachments: WW-3047.patch > > > Using: > list="mainList" doubleList="subList" > listKey="value" doubleListKey="value" > listValue="label" doubleListValue="label"/> > mainList is a class which contains getSubList(), which returns a list for the second drop down. > Both Lists contain classes which contain getValue() and getLabel() methods. > A quoted value is properly escaped if from the 'list'; however, the 'doublelist' values are not escaped: > Example of resultant HTML: > List is escaped: > > However, generated JavaScript for the doubleselect is not escaped: > FormName_doubleSelectFoo[123][0] = new Option(""quotedString"", "123"); > Which causes the second drop down box to only contain an empty option (presumably from error in JavaScript). > I haven't tested this to ensure it escapes the Labels, however the same issue may be present there. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira