You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wicket.apache.org by Sven Meier <sv...@meiers.net> on 2007/07/08 11:29:28 UTC
Escaping quotes in attributes
Why is ComponentTag escaping quotes in attribute values with a backslash?
For valid xhtml it should be an entity:
Index:
/home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
===================================================================
---
/home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
(revision 554069)
+++
/home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
(working copy)
@@ -653,7 +653,7 @@
if (value != null)
{
response.write("=\"");
- value = Strings.replaceAll(value, "\"", "\\\"");
+ value = Strings.replaceAll(value, "\"", """);
response.write(value);
response.write("\"");
}
Should it not?
Sven
Re: Escaping quotes in attributes
Posted by Eelco Hillenius <ee...@gmail.com>.
> 1. Automatically insert an attribute value that's the same as the name
> (which I think it always should be), for things like disabled.
>
> 2. Prevent people adding null values to the map in the first place. To
> do this, we'd need to wrap the IValueMap in XmlTag with some magic
> on the put method to check for null values. Or we could add a
> boolean flag to IValueMap to say whether it accepts them, or
> similar.
>
> Obviously #1 is nice and simple.
>
> What do people think?
#1 sounds good to me.
Eelco
Re: Escaping quotes in attributes
Posted by Al Maw <wi...@almaw.com>.
Eelco Hillenius wrote:
> On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
>> See:
>>
>> label.add(new AttributeModifier("onclick", true, new
>> Model("someFancyJavascript(\"fancy\")")));
>>
>> ... will result in something like:
>>
>> <span onclick="someFancyJavascript(\"fancy\"">
>>
>> For Firefox the value of onclick is now "someFancyJavascript(\", this is
>> the problem I'm experiencing.
>>
>> The Ajax stuff is working fine because it uses single quotes (').
>
> Did someone create an issue for this yet?
http://issues.apache.org/jira/browse/WICKET-741
Fixed in trunk.
Additionally, around that line there is the dubious comment:
// attributes without values are possible, e.g. 'disabled'
if (value != null) { // ...
For XHTML, this isn't right - attributes must always have values.
As far as I see it, we have two options here:
1. Automatically insert an attribute value that's the same as the name
(which I think it always should be), for things like disabled.
2. Prevent people adding null values to the map in the first place. To
do this, we'd need to wrap the IValueMap in XmlTag with some magic
on the put method to check for null values. Or we could add a
boolean flag to IValueMap to say whether it accepts them, or
similar.
Obviously #1 is nice and simple.
What do people think?
Best regards,
Al
--
Alastair Maw
Wicket-biased blog at http://herebebeasties.com
Re: Escaping quotes in attributes
Posted by Eelco Hillenius <ee...@gmail.com>.
On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
> See:
>
> label.add(new AttributeModifier("onclick", true, new
> Model("someFancyJavascript(\"fancy\")")));
>
> ... will result in something like:
>
> <span onclick="someFancyJavascript(\"fancy\"">
>
> For Firefox the value of onclick is now "someFancyJavascript(\", this is
> the problem I'm experiencing.
>
> The Ajax stuff is working fine because it uses single quotes (').
Did someone create an issue for this yet?
Eelco
Re: Escaping quotes in attributes
Posted by Sven Meier <sv...@meiers.net>.
See:
label.add(new AttributeModifier("onclick", true, new
Model("someFancyJavascript(\"fancy\")")));
... will result in something like:
<span onclick="someFancyJavascript(\"fancy\"">
For Firefox the value of onclick is now "someFancyJavascript(\", this is
the problem I'm experiencing.
The Ajax stuff is working fine because it uses single quotes (').
Sven
Juergen Donnerstag schrieb:
> But it seems to properly escape it to me. No browser is complaining
> with all the javascript you get when using Ajax. Are you experiencing
> problems? Don't get me wrong, but if everything is working fine, why
> should we change it? Is any xhtml validator complaining about it?
>
> Juergen
>
> On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
>> It's about escaping a quote (") in the value, when not properly escaped,
>> the value ends prematurely.
>>
>> Sven
>>
>> Juergen Donnerstag schrieb:
>> > Until now nobody complaint about it not working properly in any
>> > browser. Could you please point to the right spec where it says that
>> > "\" must be escaped with ". A xhtml validator output would do as
>> > well.
>> >
>> > Juergen
>> >
>> > On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
>> >> Why is ComponentTag escaping quotes in attribute values with a
>> >> backslash?
>> >> For valid xhtml it should be an entity:
>> >>
>> >> Index:
>> >>
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> >>
>> >> ===================================================================
>> >> ---
>> >>
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> >>
>> >> (revision 554069)
>> >> +++
>> >>
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> >>
>> >> (working copy)
>> >> @@ -653,7 +653,7 @@
>> >> if (value != null)
>> >> {
>> >> response.write("=\"");
>> >> - value = Strings.replaceAll(value, "\"",
>> >> "\\\"");
>> >> + value = Strings.replaceAll(value, "\"",
>> >> """);
>> >> response.write(value);
>> >> response.write("\"");
>> >> }
>> >>
>> >> Should it not?
>> >>
>> >> Sven
>> >>
>> >
>>
>>
>
Re: Escaping quotes in attributes
Posted by Juergen Donnerstag <ju...@gmail.com>.
But it seems to properly escape it to me. No browser is complaining
with all the javascript you get when using Ajax. Are you experiencing
problems? Don't get me wrong, but if everything is working fine, why
should we change it? Is any xhtml validator complaining about it?
Juergen
On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
> It's about escaping a quote (") in the value, when not properly escaped,
> the value ends prematurely.
>
> Sven
>
> Juergen Donnerstag schrieb:
> > Until now nobody complaint about it not working properly in any
> > browser. Could you please point to the right spec where it says that
> > "\" must be escaped with ". A xhtml validator output would do as
> > well.
> >
> > Juergen
> >
> > On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
> >> Why is ComponentTag escaping quotes in attribute values with a
> >> backslash?
> >> For valid xhtml it should be an entity:
> >>
> >> Index:
> >> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> >>
> >> ===================================================================
> >> ---
> >> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> >>
> >> (revision 554069)
> >> +++
> >> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> >>
> >> (working copy)
> >> @@ -653,7 +653,7 @@
> >> if (value != null)
> >> {
> >> response.write("=\"");
> >> - value = Strings.replaceAll(value, "\"",
> >> "\\\"");
> >> + value = Strings.replaceAll(value, "\"",
> >> """);
> >> response.write(value);
> >> response.write("\"");
> >> }
> >>
> >> Should it not?
> >>
> >> Sven
> >>
> >
>
>
Re: Escaping quotes in attributes
Posted by Sven Meier <sv...@meiers.net>.
It's about escaping a quote (") in the value, when not properly escaped,
the value ends prematurely.
Sven
Juergen Donnerstag schrieb:
> Until now nobody complaint about it not working properly in any
> browser. Could you please point to the right spec where it says that
> "\" must be escaped with ". A xhtml validator output would do as
> well.
>
> Juergen
>
> On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
>> Why is ComponentTag escaping quotes in attribute values with a
>> backslash?
>> For valid xhtml it should be an entity:
>>
>> Index:
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> ===================================================================
>> ---
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> (revision 554069)
>> +++
>> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
>>
>> (working copy)
>> @@ -653,7 +653,7 @@
>> if (value != null)
>> {
>> response.write("=\"");
>> - value = Strings.replaceAll(value, "\"",
>> "\\\"");
>> + value = Strings.replaceAll(value, "\"",
>> """);
>> response.write(value);
>> response.write("\"");
>> }
>>
>> Should it not?
>>
>> Sven
>>
>
Re: Escaping quotes in attributes
Posted by Juergen Donnerstag <ju...@gmail.com>.
Until now nobody complaint about it not working properly in any
browser. Could you please point to the right spec where it says that
"\" must be escaped with ". A xhtml validator output would do as
well.
Juergen
On 7/8/07, Sven Meier <sv...@meiers.net> wrote:
> Why is ComponentTag escaping quotes in attribute values with a backslash?
> For valid xhtml it should be an entity:
>
> Index:
> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> ===================================================================
> ---
> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> (revision 554069)
> +++
> /home/sven/workspace/wicket/jdk-1.4/wicket/src/main/java/org/apache/wicket/markup/ComponentTag.java
> (working copy)
> @@ -653,7 +653,7 @@
> if (value != null)
> {
> response.write("=\"");
> - value = Strings.replaceAll(value, "\"", "\\\"");
> + value = Strings.replaceAll(value, "\"", """);
> response.write(value);
> response.write("\"");
> }
>
> Should it not?
>
> Sven
>