Posted to notifications@freemarker.apache.org by "Dave Jarvis (JIRA)" <ji...@apache.org> on 2019/05/21 06:06:00 UTC

[jira] [Updated] (FREEMARKER-115) Included file gets parsed (double ampersands converted)

     [ https://issues.apache.org/jira/browse/FREEMARKER-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Jarvis updated FREEMARKER-115:
-----------------------------------
    Priority: Major  (was: Minor)

> Included file gets parsed (double ampersands converted)
> -------------------------------------------------------
>
>                 Key: FREEMARKER-115
>                 URL: https://issues.apache.org/jira/browse/FREEMARKER-115
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.28
>            Reporter: Dave Jarvis
>            Priority: Major
>
> Using FMPP with FreeMarker to render a document. The main document resembles:
> {code:java}
> <#assign updated = .now>
> <!doctype html>
> <html lang="en">
> <head>
>   <meta charset="utf-8"/>
> </head>
> <body>
>   <main>
>     <article>
>       <#include "includes/html/body.html" parse=false>
>     </article>
>   </main>
> </body>
> </html>
> {code}
> The file *includes/html/body.html* contains:
> {code:java}
> <div class="code">
> <pre><code>SCRIPT_DIR=&quot;\
>   $(\
>     cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;&amp; pwd\
>   )&quot;
> SCRIPT_NAME=$(basename $0)</code></pre>
> </div>
> {code}
> Note the *&amp;&amp;*. When the main document is parsed by FreeMarker, the resulting document contains:
> {code:java}
> <div class="code"><pre><code>SCRIPT_DIR="\
>   $(\
>     cd "$(dirname "${BASH_SRC_DIR[0]}")" \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;& pwd\
>   )"
> SCRIPT_NAME=$(basename $0)</code></pre></div>
> {code}
> Note the *&amp;&*, which is invalid HTML. The following line from the main document does not appear to prevent the engine from meddling with the contents, despite *parse=false* being set:
> {code:java}
> <#include "includes/html/body.html" parse=false>
> {code}
> The expected result, of course, is *&amp;&amp;*, as per:
> {code:java}
>     &amp;&amp; pwd\
> {code}
> A larger concern is that FreeMarker produced invalid HTML that wasn't caught in a unit test.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
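
The report's closing concern is that the altered output was not caught by a test. The following is an added example, not code from the reporter or from the FreeMarker project: a standalone check that renders an `<#include ... parse=false>` through the engine alone (no FMPP) and fails if the included text is changed or a bare `&` appears. It assumes FreeMarker 2.3.28 on the classpath; the class name, the `main.ftl` template name and the shortened sample strings are constructed for illustration.

```java
import freemarker.cache.StringTemplateLoader;
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringWriter;
import java.util.Collections;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IncludeParseFalseCheck {
    // Constructed sample: a shortened copy of the included file from the report.
    static final String BODY =
          "<pre><code>cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \\\n"
        + "  &gt;/dev/null 2&gt;&amp;1 \\\n"
        + "  &amp;&amp; pwd</code></pre>\n";
    static final String MAIN =
          "<article>\n<#include \"includes/html/body.html\" parse=false>\n</article>\n";

    // An '&' that does not start a named, decimal or hex character reference.
    static final Pattern BARE_AMP =
        Pattern.compile("&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)");

    static String render() throws Exception {
        // Both templates live in memory so the check needs no files on disk.
        StringTemplateLoader loader = new StringTemplateLoader();
        loader.putTemplate("main.ftl", MAIN);
        loader.putTemplate("includes/html/body.html", BODY);
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_28);
        cfg.setTemplateLoader(loader);
        Template template = cfg.getTemplate("main.ftl");
        StringWriter out = new StringWriter();
        template.process(Collections.emptyMap(), out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String html = render();
        // parse=false should copy the included file into the output unchanged.
        if (!html.contains(BODY)) {
            throw new AssertionError("included file was altered:\n" + html);
        }
        // Independent check for the symptom in the report: "&amp;&" leaves a bare '&'.
        Matcher m = BARE_AMP.matcher(html);
        if (m.find()) {
            throw new AssertionError("bare '&' at offset " + m.start());
        }
        System.out.println("include parse=false output is unchanged");
    }
}
```

Running the same two assertions against the final FMPP output as well shows whether any alteration happens in the engine or in a later step of the build.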