i'm trying to display html i.e. rich text within a wicket element dynamically. An example is like displaying a rich text email within a div tag. how can i get this done with wicket. the wicket Label component doesn't seem to support this. is there a component that does
Asked
Active
Viewed 1.6k times
1 Answers
28
Found this in the excellent Manning Wicket in Action:
add(new Label("markup", "<h1>Hello!</h1>").setEscapeModelStrings(false));
The call to setEscapeModelStrings tells Wicket not to escape the contents of the provided string, and to render the contents into the resulting markup. This does the trick, as you can see in the right screenshot in figure 5.4. Note that this setting is available on all Wicket components, but itβs primarily useful on labels.
As the book also notes however, you should be aware of script-injection attacks..
Tim
- 19,793
- 8
- 70
- 95
-
Thanks a lot! the other thing now though is the script-injection attack.. any suggestions?? I'm thinking i should run the check before i store the data, so when i display it later it will be clean. β Emotu Balogun Nov 30 '09 at 13:06
-
The book recommends a similar approach in filtering out any scripting before storing / displaying the input.. Other than that I can't recommend anything unfortunately.. β Tim Nov 30 '09 at 13:13
-
I know this is super old, but you could also use a wysiwyg editor of sorts. Or create your own find and replace encoding of sorts (using {b}bold{/b} or something like that, for example). There are alternatives, but none of them are super easy and none are perfect. β adprocas Sep 15 '17 at 18:05