You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "David Peterson (JIRA)" <de...@tapestry.apache.org> on 2007/06/27 11:24:26 UTC
[jira] Updated: (TAPESTRY-1604) BeanEditForm outputs text values
raw (no escaping of HTML characters)
[ https://issues.apache.org/jira/browse/TAPESTRY-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Peterson updated TAPESTRY-1604:
-------------------------------------
Fix Version/s: (was: 5.0.5)
Description:
Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into " entities.
import org.apache.tapestry.annotations.Persist;
public class Example {
@Persist
private MyBean myBean;
public MyBean getMyBean() {
return myBean;
}
public void setMyBean(MyBean myBean) {
this.myBean = myBean;
}
}
public class MyBean {
private String fullName = "Fred \"Fredmeister\" Flintstone";
public String getFullName() {
return fullName;
}
public void setFullName(String fullName) {
this.fullName = fullName;
}
}
Example.html:
<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
<body>
<t:beanEditForm object="myBean" />
</body>
</html>
was:
Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into " entities.
import org.apache.tapestry.annotations.Persist;
public class Example {
@Persist
private MyBean myBean;
public MyBean getMyBean() {
return myBean;
}
public void setMyBean(MyBean myBean) {
this.myBean = myBean;
}
public static class MyBean {
private String fullName = "Fred \"Fredmeister\" Flintstone";
public String getFullName() {
return fullName;
}
public void setFullName(String fullName) {
this.fullName = fullName;
}
}
}
Example.html:
<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
<body>
<t:beanEditForm object="myBean" />
</body>
</html>
Affects Version/s: 5.0.5
This problem also occurs with the TextField component. It is not a problem with the TextArea component.
A workround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator:
import org.apache.tapestry.translator.StringTranslator;
public class SafeStringTranslator extends StringTranslator {
public String toClient(String value) {
return escapeXmlCharacters(super.toClient(value));
}
private String escapeXmlCharacters(String s) {
return s
.replaceAll("&", "&")
.replaceAll("\"", """)
.replaceAll(">", ">")
.replaceAll("<", "<");
}
}
> BeanEditForm outputs text values raw (no escaping of HTML characters)
> ---------------------------------------------------------------------
>
> Key: TAPESTRY-1604
> URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
> Project: Tapestry
> Issue Type: Bug
> Affects Versions: 5.0.5
> Reporter: David Peterson
> Priority: Critical
>
> Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into " entities.
> import org.apache.tapestry.annotations.Persist;
> public class Example {
> @Persist
> private MyBean myBean;
> public MyBean getMyBean() {
> return myBean;
> }
> public void setMyBean(MyBean myBean) {
> this.myBean = myBean;
> }
> }
>
> public class MyBean {
> private String fullName = "Fred \"Fredmeister\" Flintstone";
> public String getFullName() {
> return fullName;
> }
> public void setFullName(String fullName) {
> this.fullName = fullName;
> }
> }
> Example.html:
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
> <body>
> <t:beanEditForm object="myBean" />
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org