You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by "Rainer Schmitz (JIRA)" <ji...@apache.org> on 2015/10/01 12:26:27 UTC
[jira] [Created] (GROOVY-7615) MarkupTemplateBuilder autoEscape
only escapes top level model properties
Rainer Schmitz created GROOVY-7615:
--------------------------------------
Summary: MarkupTemplateBuilder autoEscape only escapes top level model properties
Key: GROOVY-7615
URL: https://issues.apache.org/jira/browse/GROOVY-7615
Project: Groovy
Issue Type: Bug
Components: Templating
Affects Versions: 2.4.4
Reporter: Rainer Schmitz
{{TemplateConfiguration.setAutoEscape(true)}} only affects values in models top level. Nested values will not be escaped.
Example:
{code}import groovy.text.markup.MarkupTemplateEngine
import groovy.text.markup.TemplateConfiguration
def tplConf = new TemplateConfiguration()
tplConf.autoEscape = true
def engine = new MarkupTemplateEngine(tplConf)
def template = engine.createTemplate ('''
html {
body {
div(unsafeContents)
div(nested.unsafe)
}
}
''')
model = new HashMap<String,Object>();
model.put("unsafeContents", "I am an <html> hacker.");
model.put("nested", [unsafe: "I am an <html> hacker."]);
Writable output = template.make(model)
assert '<html><body><div>I am an <html> hacker.</div><div>I am an <html> hacker.</div></body></html>' == output.toString(){code}
{{div(nested.unsafe)}} is not escaped.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)