You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lu...@apache.org on 2014/02/18 05:08:40 UTC
svn commit: r1569180 - in /myfaces/core/trunk/impl/src:
main/java/org/apache/myfaces/view/facelets/compiler/
main/java/org/apache/myfaces/view/facelets/el/
test/java/org/apache/myfaces/view/facelets/compiler/
test/resources/org/apache/myfaces/view/face...
Author: lu4242
Date: Tue Feb 18 04:08:39 2014
New Revision: 1569180
URL: http://svn.apache.org/r1569180
Log:
MYFACES-3850 html EL expression inside markup enables escape on static text in facelets jspx mode
Modified:
myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/compiler/TextUnit.java
myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/el/ELText.java
myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/JSPXFaceletsProcessingTestCase.java
myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/XHTMLFaceletsProcessingTestCase.java
myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testJSPXProcessing1.jspx
myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testXHTMLProcessing1.xhtml
Modified: myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/compiler/TextUnit.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/compiler/TextUnit.java?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/compiler/TextUnit.java (original)
+++ myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/compiler/TextUnit.java Tue Feb 18 04:08:39 2014
@@ -156,7 +156,35 @@ final class TextUnit extends Compilation
}
else
{
- this.instructionBuffer.add(new TextInstruction(this.alias, txt ));
+ if (escapeInlineText)
+ {
+ this.instructionBuffer.add(new TextInstruction(this.alias, txt ));
+ }
+ else
+ {
+ // When escape inline text is disabled (jspx case) we have to split the EL and add
+ // separate instructions, so it can be properly escaped.
+ ELText[] splitText = ELText.parseAsArray(s);
+ if (splitText.length > 1)
+ {
+ for (ELText selText : splitText)
+ {
+ if (selText.isLiteral())
+ {
+ this.instructionBuffer.add(
+ new LiteralNonExcapedTextInstruction(selText.toString()));
+ }
+ else
+ {
+ this.instructionBuffer.add(new TextInstruction(this.alias, selText ));
+ }
+ }
+ }
+ else
+ {
+ this.instructionBuffer.add(new TextInstruction(this.alias, txt ));
+ }
+ }
}
}
}
@@ -184,7 +212,28 @@ final class TextUnit extends Compilation
{
s = compressELText(s);
}
- this.instructionBuffer.add(new TextInstruction(this.alias, ELText.parse(s) ));
+ // When escape inline text is disabled (jspx case) we have to split the EL and add
+ // separate instructions, so it can be properly escaped.
+ ELText[] splitText = ELText.parseAsArray(s);
+ if (splitText.length > 1)
+ {
+ for (ELText selText : splitText)
+ {
+ if (selText.isLiteral())
+ {
+ this.instructionBuffer.add(
+ new LiteralNonExcapedTextInstruction(selText.toString()));
+ }
+ else
+ {
+ this.instructionBuffer.add(new TextInstruction(this.alias, selText ));
+ }
+ }
+ }
+ else
+ {
+ this.instructionBuffer.add(new TextInstruction(this.alias, ELText.parse(s)));
+ }
}
}
}
Modified: myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/el/ELText.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/el/ELText.java?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/el/ELText.java (original)
+++ myfaces/core/trunk/impl/src/main/java/org/apache/myfaces/view/facelets/el/ELText.java Tue Feb 18 04:08:39 2014
@@ -555,6 +555,91 @@ public class ELText
return new ELTextComposite(ta);
}
}
+
+ public static ELText[] parseAsArray(String in) throws ELException
+ {
+ return parseAsArray(null, null, in);
+ }
+
+ public static ELText[] parseAsArray(ExpressionFactory fact, ELContext ctx, String in) throws ELException
+ {
+ char[] ca = in.toCharArray();
+ int i = 0;
+ char c = 0;
+ int len = ca.length;
+ int end = len - 1;
+ boolean esc = false;
+ int vlen = 0;
+
+ StringBuffer buff = new StringBuffer(128);
+ List<ELText> text = new ArrayList<ELText>();
+ ELText t = null;
+ ValueExpression ve = null;
+
+ while (i < len)
+ {
+ c = ca[i];
+ if ('\\' == c)
+ {
+ esc = !esc;
+ if (esc && i < end && (ca[i + 1] == '$' || ca[i + 1] == '#'))
+ {
+ i++;
+ continue;
+ }
+ }
+ else if (!esc && ('$' == c || '#' == c))
+ {
+ if (i < end)
+ {
+ if ('{' == ca[i + 1])
+ {
+ if (buff.length() > 0)
+ {
+ text.add(new ELText(buff.toString()));
+ buff.setLength(0);
+ }
+ vlen = findVarLength(ca, i);
+ if (ctx != null && fact != null)
+ {
+ ve = fact.createValueExpression(ctx, new String(ca, i, vlen), String.class);
+ t = new ELCacheableTextVariable(ve);
+ }
+ else
+ {
+ t = new ELCacheableTextVariable(new LiteralValueExpression(new String(ca, i, vlen)));
+ }
+ text.add(t);
+ i += vlen;
+ continue;
+ }
+ }
+ }
+ esc = false;
+ buff.append(c);
+ i++;
+ }
+
+ if (buff.length() > 0)
+ {
+ text.add(new ELText(new String(buff.toString())));
+ buff.setLength(0);
+ }
+
+ if (text.size() == 0)
+ {
+ return null;
+ }
+ else if (text.size() == 1)
+ {
+ return new ELText[]{text.get(0)};
+ }
+ else
+ {
+ ELText[] ta = (ELText[]) text.toArray(new ELText[text.size()]);
+ return ta;
+ }
+ }
public static boolean isLiteral(ExpressionFactory fact, ELContext ctx, String in) throws ELException
{
Modified: myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/JSPXFaceletsProcessingTestCase.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/JSPXFaceletsProcessingTestCase.java?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/JSPXFaceletsProcessingTestCase.java (original)
+++ myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/JSPXFaceletsProcessingTestCase.java Tue Feb 18 04:08:39 2014
@@ -93,6 +93,8 @@ public class JSPXFaceletsProcessingTestC
@Test
public void testJSPXProcessing1() throws Exception
{
+ facesContext.getExternalContext().getRequestMap().put("rquote", "\"");
+
UIViewRoot root = facesContext.getViewRoot();
vdl.buildView(facesContext, root, "testJSPXProcessing1.jspx");
@@ -113,6 +115,7 @@ public class JSPXFaceletsProcessingTestC
Assert.assertTrue("Response does not contains cdata content", resp.contains("cdata not consumed"));
Assert.assertTrue("Response does not escape characters", resp.contains("In this mode, if you put a double quote, it will NOT be replaced by " : \""));
Assert.assertFalse("Response contains comments", resp.contains("<!--"));
+ Assert.assertTrue("Response should escape EL but not markup", resp.contains("Check EL Escaping " : \""));
}
}
Modified: myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/XHTMLFaceletsProcessingTestCase.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/XHTMLFaceletsProcessingTestCase.java?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/XHTMLFaceletsProcessingTestCase.java (original)
+++ myfaces/core/trunk/impl/src/test/java/org/apache/myfaces/view/facelets/compiler/XHTMLFaceletsProcessingTestCase.java Tue Feb 18 04:08:39 2014
@@ -94,6 +94,8 @@ public class XHTMLFaceletsProcessingTest
@Test
public void testXHTMLProcessing1() throws Exception
{
+ facesContext.getExternalContext().getRequestMap().put("rquote", "\"");
+
UIViewRoot root = facesContext.getViewRoot();
vdl.buildView(facesContext, root, "testXHTMLProcessing1.xhtml");
@@ -115,6 +117,7 @@ public class XHTMLFaceletsProcessingTest
Assert.assertTrue("Response contains cdata section", resp.contains("cdata not consumed"));
Assert.assertTrue("Response does not escape characters", resp.contains("In this mode, if you put a double quote, it will be replaced by " : ""));
Assert.assertTrue("Response contains comments", resp.contains("<!--"));
+ Assert.assertTrue("Response should escape EL and markup", resp.contains("Check EL Escaping " : ""));
}
}
Modified: myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testJSPXProcessing1.jspx
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testJSPXProcessing1.jspx?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testJSPXProcessing1.jspx (original)
+++ myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testJSPXProcessing1.jspx Tue Feb 18 04:08:39 2014
@@ -30,5 +30,6 @@
<h:panelGrid columns="1">
In this mode, if you put a double quote, it will NOT be replaced by &quot; : "
</h:panelGrid>
+Check EL Escaping #{requestScope.rquote} : "
</body>
</html>
Modified: myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testXHTMLProcessing1.xhtml
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testXHTMLProcessing1.xhtml?rev=1569180&r1=1569179&r2=1569180&view=diff
==============================================================================
--- myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testXHTMLProcessing1.xhtml (original)
+++ myfaces/core/trunk/impl/src/test/resources/org/apache/myfaces/view/facelets/compiler/testXHTMLProcessing1.xhtml Tue Feb 18 04:08:39 2014
@@ -30,5 +30,6 @@
<h:panelGrid columns="1">
In this mode, if you put a double quote, it will be replaced by " : "
</h:panelGrid>
+Check EL Escaping #{requestScope.rquote} : "
</body>
</html>