You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shale.apache.org by Jeff Tsay <jc...@aim.com> on 2008/04/10 12:12:32 UTC
Need to escape special characters in Shale validator script
Hi,
I'm trying to use Shale validator with xulfaces. (XUL is a user
interface language that is a type of XML) The first problem I'm having
is that
<val:validatorScript functionName="validateForm"/>
is encoded as follows:
<script type="text/javascript" language="Javascript1.1">
function _required() {
this[0] = new Array("j_id_id32", "null is required.", new Function("x", "return {}[x];"));
}
var bCancel = false;
function validateForm(form) {
var bValid = true;
var sFormName = jcv_retrieveFormName(form);
if ((bValid && !bCancel && ("" == sFormName))) {
bValid = (validateRequired(form));
}
return bValid;
}
...
Note the &&. When I load this page in Firefox, it complains that && is
not valid XML, which it is not. It should be escaped to &&. I
guess because HTML browsers allow special characters like & in side
<script> tags, this problem wasn't caught previously. I guess if the
script appeared in an XHTML document, and a browser was strict, this
problem could show up too.
So I was trying to fix this problem and looking at
org.apache.shale.validator.faces.ValidatorScript.writeValidationFunctions().
It looks like the script text is written here with
ResponseWriter.write(). The problem is ResponseWrite.write() doesn't
escape the characters as ResponseWriter.writeText() does. However,
writeText() won't work since it closes any open tags (in this case
<script>). So we need to escape ourselves. The trouble is, how do we
know how to escape the characters? I was thinking of using
org.apache.commons.lang.StringEscapeUtils.escapeXml() and escapeHtml(),
but how can we determine what the content type we are outputting is? If
we knew, I guess we could then create a WrappedResponseWriter that
overloads write(String) ...
Thanks,
Jeff