Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-752

tooltiptext gets rendered differently in different situations

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Normal Normal
    • 6.0.0, 5.0.11
    • 5.0.10
    • None
    • None

      Follow up on ZK-676

      If tooltiptext attribute is binded in a zul to an HTML string, HTML get's escaped with $amp;gt;, <, etc.
      If, however, it's set on runtime, it get's displayed correctly.

      Say string is like this: foobar"><script>alert("Hi!")</script><!--

      If tooltiptext is binded to it, it get's rendered as
      foobar&quot;&gt;&lt;script&gt;alert(&quot;Hi!&quot;)&lt;/script&gt;&lt;!--

      If it's set on runtime, this is the result:
      foobar"><script>alert("Hi!")</script><!--

      Preferably, it should always be the latter result.

            TonyQ TonyQ
            guilty guilty
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: