You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2016/06/08 08:30:21 UTC
[jira] [Commented] (SLING-5461) Sightly quotes all markup
attributes' values with double quotes
[ https://issues.apache.org/jira/browse/SLING-5461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15320241#comment-15320241 ]
Konrad Windszus commented on SLING-5461:
----------------------------------------
The problem why this is really crucial is that Sightly also does incorrectly escape. So while
{code}
<div data-foo='{"key1": { "subobject": "test" } }' />
{code}
is correctly converted to
{code}
<div data-foo="{"key1": { "subobject": "test" } }"/>
{code}
(before this fix was applied),
on the other hand Sightly containing expressions is not correctly escaped.
So this:
{code}
<div data-bar='{"key": "${currentPage.title}" />
{code}
becomes invalid HTML
{code}
<div data-bar="{"key": "<whatever value $currentPage.title resolves to>" }" />
{code}
[~radu.cotescu] Do you want me open a separate bug for this? So far I only reproduced with "Sightly Engine 1.0.2".
> Sightly quotes all markup attributes' values with double quotes
> ---------------------------------------------------------------
>
> Key: SLING-5461
> URL: https://issues.apache.org/jira/browse/SLING-5461
> Project: Sling
> Issue Type: Bug
> Components: Scripting
> Affects Versions: Scripting Sightly Engine 1.0.0
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Fix For: Scripting Sightly Engine 1.0.12
>
>
> Irrespective of how HTML attributes are quoted in a Sightly script, the resulting output will always use double quotes ({{"}}), which will break attributes that have been defined in the script to use single quotes ({{'}}).
> This issue affects developers who would like to define JSON structures in {{data-}} attributes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)