Hello,
I don't know if this is a bug, but chart title is not escaped properly, i.e.:
CODE: SELECT ALL
<p:barChart id="chart" title="#{chartBean.chartName}" stacked="true" value="#{chartBean.chartModel}" extender="extender" widgetVar="chart" style="height: 300px;" />
And if the chartBean.chartName is "John's chart" or even better "Hello world <iframe src=... />" in the first case the chart is not rendered (syntax error because of single quote) and in the second iframe is displayed instead of title... I was pretty surprised when I discovered this, so I think it should be either mentioned somewhere in the documentation or filed as a bug.
chart title not escaped properly
What version of PrimeFaces are you using? I have fixed a bunch of escaping issues in the chart for PF 6.1 before but its possible I missed one.
https://github.com/primefaces/primefaces/issues/709
And from looking at the code the title is escaped...
https://github.com/primefaces/primeface ... r.java#L45
https://github.com/primefaces/primefaces/issues/709
And from looking at the code the title is escaped...
https://github.com/primefaces/primeface ... r.java#L45
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1
-
- Information
-
Who is online
Users browsing this forum: Majestic-12 [Bot] and 28 guests