You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@freemarker.apache.org by "Dave Jarvis (JIRA)" <ji...@apache.org> on 2019/05/22 08:14:00 UTC

[jira] [Closed] (FREEMARKER-115) Included file gets parsed (double ampersands converted)

     [ https://issues.apache.org/jira/browse/FREEMARKER-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Jarvis closed FREEMARKER-115.
----------------------------------
    Resolution: Not A Problem

> Included file gets parsed (double ampersands converted)
> -------------------------------------------------------
>
>                 Key: FREEMARKER-115
>                 URL: https://issues.apache.org/jira/browse/FREEMARKER-115
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.28
>            Reporter: Dave Jarvis
>            Priority: Major
>
> Using FMPP with FreeMarker to render a document. The main document resembles:
> {code:java}
> <#assign updated = .now>
> <!doctype html>
> <html lang="en">
> <head>
>   <meta charset="utf-8"/>
> </head>
> <body>
>   <main>
>     <article>
>       <#include "includes/html/body.html" parse=false>
>     </article>
>   </main>
> </body>
> </html>
> {code}
> The file *includes/html/body.html* contains:
> {code:java}
> <div class="code">
> <pre><code>SCRIPT_DIR=&quot;\
>   $(\
>     cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;&amp; pwd\
>   )&quot;
> SCRIPT_NAME=$(basename $0)</code></pre>
> </div>
> {code}
> Note the  &𝗮𝗺𝗽; &𝗮𝗺𝗽;. When the main document is parsed by FreeMarker, the resulting document contains:
> {code:java}
> <div class="code"><pre><code>SCRIPT_DIR="\
>   $(\
>     cd "$(dirname "${BASH_SRC_DIR[0]}")" \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;& pwd\
>   )"
> SCRIPT_NAME=$(basename $0)</code></pre></div>
> {code}
> Note the &𝗮𝗺𝗽; &, which is invalid HTML. The following line from the main document does not appear to prevent the engine from meddling with the contents, despite *parse=false* being set:
> {code:java}
> <#include "includes/html/body.html" parse=false>
> {code}
> The expected result, of course, is &𝗮𝗺𝗽;&𝗮𝗺𝗽; as per:
> {code:java}
>     &amp;&amp; pwd\
> {code}
> A larger concern is that FreeMarker produced invalid HTML that wasn't caught in a unit test.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)