GitHub user tgoetz opened a pull request:
https://github.com/apache/wicket/pull/9 WICKET-4219: Enable markup escaping of WizardStep's labels by default due to security aspects
WizardStep's Header Labels now inherit the escape settings from Header, thus escaping can now be configured by overriding getHeader in WizardStep:
@Override
public Component getHeader(String id, Component parent, IWizard wizard) {
return super.getHeader(id, parent, wizard).setEscapeModelStrings(true|false);
}
Thus the default is that the Strings will be escaped.
You can merge this pull request into a Git repository by running:
$ git pull
https://github.com/tgoetz/wicket master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/wicket/pull/9.patch----
commit a8b3f97bd019e601f664a3697f12994bad1cb862
Author: Thomas GoÌtz <
[hidden email]>
Date: 2012-05-15T00:13:53-07:00
WICKET-4219: Enable markup escaping of WizardStep's labels by default due to security aspects
WizardStep's Header Labels now inherit the escape settings from Header, thus escaping can now be configured by overriding getHeader in WizardStep:
@Override
public Component getHeader(String id, Component parent, IWizard wizard) {
return super.getHeader(id, parent, wizard).setEscapeModelStrings(true|false);
}
Thus the default is that the Strings will be escaped.
----
Locked
