You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Anita Anandan (JIRA)" <de...@myfaces.apache.org> on 2008/10/13 20:18:46 UTC

[jira] Updated: (TRINIDAD-1231) Custom message/hint strings used by validators should be escaped.

     [ https://issues.apache.org/jira/browse/TRINIDAD-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anita Anandan updated TRINIDAD-1231:
------------------------------------

    Status: Patch Available  (was: Open)

> Custom message/hint strings used by validators should be escaped.
> -----------------------------------------------------------------
>
>                 Key: TRINIDAD-1231
>                 URL: https://issues.apache.org/jira/browse/TRINIDAD-1231
>             Project: MyFaces Trinidad
>          Issue Type: Bug
>          Components: Components
>    Affects Versions: 1.0.9-core, 1.2.9-core
>            Reporter: Cale Scholl
>            Priority: Minor
>         Attachments: trinidad-api_trunk12_escape.patch
>
>
>  The server unescapes custom message detail strings on inital page render.
>  For example,
>   
>  _facesBean.getProperty(_NOT_IN_RANGE_MESSAGE_DETAIL_KEY)
>    -> expression.getValue(context.getELContext())
>   
>  causes the resultant string to be unescaped.
>  (i.e. "isn\'t" ==> "isn't"
>        "isn't"  ==> "isn't")
>  Then, before the javascript for the client validator (and thus the client
>  formatter) is constructed, the message detail strings are re-escaped via
>  JsonUtils.writeMap. TrFastMessageFormatUtils.format -> _formatErrorString
>  fills in the format string one token at a time using regular expressions.
>  However, when the server does the formatting, it uses
>  FastMessageFormat.format  to format the unescaped message detail strings.
>  FastMessageFormat.format interprets text enclosed in single quotes as literal
>  text, and interprets double single quotes as an escaped single quote.
>  Currently, I think the best way to allow for "isn't" in a format string is
>  that, unless the string begins and ends with single quotes, the
>  FastMessageFormat constructor should modify the format string by replacing
>  all single quotes with double single quotes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.