You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Henry Kuijpers (Jira)" <ji...@apache.org> on 2020/01/17 16:21:00 UTC

[jira] [Created] (SLING-9011) HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri and html

Henry Kuijpers created SLING-9011:
-------------------------------------

             Summary: HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri *and* html
                 Key: SLING-9011
                 URL: https://issues.apache.org/jira/browse/SLING-9011
             Project: Sling
          Issue Type: New Feature
          Components: Scripting
    Affects Versions: Scripting HTL Engine 1.3.2-1.4.0
            Reporter: Henry Kuijpers


url=[http://test.com/?a=true&b=false&c=%3F|http://test.com/?a=true&b=false]

<a href="${url}">Test</a>

I expect the href to be (when viewing page source):

[http://test.com/?a=true&amp;b=false&amp;c=%3F]

It however is:

[http://test.com/?a=true&b=false&c=%3F]

HTML requires attributes to also be encoded, so I believe we're not doing enough to do the proper encoding/escaping here.

WDYT?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (SLING-9011) HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri *and* html

[jira] [Created] (SLING-9011) HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri and html