i'm trying to display html i.e. rich text within a wicket element dynamically. An example is like displaying a rich text email within a div tag. how can i get this done with wicket. the wicket Label component doesn't seem to support this. is there a component that does
+3
A:
Found this in the excellent Manning Wicket in Action:
add(new Label("markup", "<h1>Hello!</h1>").setEscapeModelStrings(false));
The call to setEscapeModelStrings tells Wicket not to escape the contents of the provided string, and to render the contents into the resulting markup. This does the trick, as you can see in the right screenshot in figure 5.4. Note that this setting is available on all Wicket components, but it’s primarily useful on labels.
As the book also notes however, you should be aware of script-injection attacks..
Tim
2009-11-27 23:32:35
Thanks a lot! the other thing now though is the script-injection attack.. any suggestions?? I'm thinking i should run the check before i store the data, so when i display it later it will be clean.
Emotu Balogun
2009-11-30 13:06:01
The book recommends a similar approach in filtering out any scripting before storing / displaying the input.. Other than that I can't recommend anything unfortunately..
Tim
2009-11-30 13:13:51