You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/10/14 21:58:00 UTC

[jira] [Commented] (WW-5022) Struts 2.6 escaping behaviour change for s:a (anchor) tag

    [ https://issues.apache.org/jira/browse/WW-5022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16951381#comment-16951381 ] 

ASF GitHub Bot commented on WW-5022:
------------------------------------

JCgH4164838Gh792C124B5 commented on pull request #373: Proposed fix for WW-5022 (escape html tag body control flag)
URL: https://github.com/apache/struts/pull/373
 
 
   Proposed fix for WW-5022 (escape html tag body control flag)
   - Added escapeHtmlBody parameter to s:a and s:submit tags.
   - No other tags appear to require this feature (but can be added to any component).
   - Added new unit tests for escapeHtmlBody (and usesBody for component).
   - Fixed broken s:a tags in ShowCase app.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Struts 2.6 escaping behaviour change for s:a (anchor) tag
> ---------------------------------------------------------
>
>                 Key: WW-5022
>                 URL: https://issues.apache.org/jira/browse/WW-5022
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.6
>         Environment: Tomcat 7.0, 8.5 using Java 8 and 11.
>            Reporter: James Chaplin
>            Priority: Major
>             Fix For: 2.6
>
>
> While interacting with the current 2.6 Showcase application I recently noticed that+ the "Home" glyph icon was not displaying correctly+.  Instead of the icon, +the page displayed the body content literally in the browser+.  Checking the page source (view source in browser) it turns out the body content of the tag was HTML-escaped.  I double-checked and this does not happen to Struts 2.5.21 (snapshot) or older 2.6 Showcase apps.
> This behaviour might affect other tags, but +it was noticed and confirmed with "s:a"+ (the JSP anchor tag).
> After some digging (using older commits from GitHub and building the 2.6 Showcase app from them) it appears the automatic body escaping did not occur prior to January 2nd 2019, but was introduced with one of the multiple commits applied on January 3rd 2019.
> It could be an interaction between earlier mid-December 2018 commits that changed the Freemarker configuration version in FreemarkerManager (Configuration.VERSION_2_3_0) to a new one (Configuration.VERSION_2_3_28), combined with the January 3rd commits.  Couldn't find the exact cause, but perhaps one of the Struts Team might be able to do so.
> Given the original/old behaviour +it seems that auto-escaping the tag body might be a bug+.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)