You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by jm...@apache.org on 2006/08/25 04:19:43 UTC
svn commit: r436618 - in /struts/struts1/trunk:
el/src/main/java/org/apache/strutsel/taglib/html/
el/src/main/resources/META-INF/tld/
taglib/src/main/java/org/apache/struts/taglib/html/
taglib/src/main/resources/META-INF/tld/
Author: jmitchell
Date: Thu Aug 24 19:19:42 2006
New Revision: 436618
URL: http://svn.apache.org/viewvc?rev=436618&view=rev
Log:
STR-2932 -- html:option tag does not apply any filtering to escape HTML-sensitive characters
This (newly added) filter attribute for OptionTag has the opposite default behaviour when compared to the same thing in OptionsTag. Not sure whether this needs a point release or higher before the behaviour can be matched up between the two.
Enhancement patch provided by John Fallows, thanks!!
Modified:
struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTag.java
struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTagBeanInfo.java
struts/struts1/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld
struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/OptionTag.java
struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
Modified: struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTag.java
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTag.java?rev=436618&r1=436617&r2=436618&view=diff
==============================================================================
--- struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTag.java (original)
+++ struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTag.java Thu Aug 24 19:19:42 2006
@@ -47,6 +47,12 @@
private String disabledExpr;
/**
+ * Instance variable mapped to "filter" tag attribute. (Mapping set in
+ * associated BeanInfo class.)
+ */
+ private String filterExpr;
+
+ /**
* Instance variable mapped to "key" tag attribute. (Mapping set in
* associated BeanInfo class.)
*/
@@ -99,6 +105,14 @@
}
/**
+ * Getter method for "filter" tag attribute. (Mapping set in associated
+ * BeanInfo class.)
+ */
+ public String getFilterExpr() {
+ return (filterExpr);
+ }
+
+ /**
* Getter method for "key" tag attribute. (Mapping set in associated
* BeanInfo class.)
*/
@@ -163,6 +177,14 @@
}
/**
+ * Setter method for "filter" tag attribute. (Mapping set in associated
+ * BeanInfo class.)
+ */
+ public void setFilterExpr(String filterExpr) {
+ this.filterExpr = filterExpr;
+ }
+
+ /**
* Setter method for "key" tag attribute. (Mapping set in associated
* BeanInfo class.)
*/
@@ -217,6 +239,7 @@
super.release();
setBundleExpr(null);
setDisabledExpr(null);
+ setFilterExpr(null);
setKeyExpr(null);
setLocaleExpr(null);
setStyleExpr(null);
@@ -257,6 +280,12 @@
EvalHelper.evalBoolean("disabled", getDisabledExpr(), this,
pageContext)) != null) {
setDisabled(bool.booleanValue());
+ }
+
+ if ((bool =
+ EvalHelper.evalBoolean("filter", getFilterExpr(), this,
+ pageContext)) != null) {
+ setFilter(bool.booleanValue());
}
if ((string =
Modified: struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTagBeanInfo.java
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTagBeanInfo.java?rev=436618&r1=436617&r2=436618&view=diff
==============================================================================
--- struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTagBeanInfo.java (original)
+++ struts/struts1/trunk/el/src/main/java/org/apache/strutsel/taglib/html/ELOptionTagBeanInfo.java Thu Aug 24 19:19:42 2006
@@ -51,6 +51,12 @@
}
try {
+ proplist.add(new PropertyDescriptor("filter", ELOptionTag.class, null,
+ "setFilterExpr"));
+ } catch (IntrospectionException ex) {
+ }
+
+ try {
proplist.add(new PropertyDescriptor("key", ELOptionTag.class, null,
"setKeyExpr"));
} catch (IntrospectionException ex) {
Modified: struts/struts1/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld?rev=436618&r1=436617&r2=436618&view=diff
==============================================================================
--- struts/struts1/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld (original)
+++ struts/struts1/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld Thu Aug 24 19:19:42 2006
@@ -1958,7 +1958,7 @@
<code>href</code> attribute,
or the <code>page</code> attribute.</p>
<p>Additionally, you can specify a <code>module</code> prefix
- for linking to other modules.</p>
+ for linking to other modules.</p>
]]>
</description>
</attribute>
@@ -1969,10 +1969,10 @@
<description>
<![CDATA[
<p>Prefix name of a <code>Module</code> that
- contains the action mapping for the <code>Action</code>
- that is specified by the <code>action</code> attribute.
- You <strong>must</strong> specify an <code>action</code>
- attribute for this to have an effect.</p>
+ contains the action mapping for the <code>Action</code>
+ that is specified by the <code>action</code> attribute.
+ You <strong>must</strong> specify an <code>action</code>
+ attribute for this to have an effect.</p>
<p>
<strong>Note: </strong>Use "" to map to the default module.</p>
]]>
@@ -3387,7 +3387,7 @@
<code>page</code>
attribute or the <code>src</code> attribute.</p>
<p>Additionally, you can specify a <code>module</code> prefix
- for linking to other modules.</p>
+ for linking to other modules.</p>
]]>
</description>
</attribute>
@@ -3398,10 +3398,10 @@
<description>
<![CDATA[
<p>Prefix name of a <code>Module</code> that
- contains the action mapping for the <code>Action</code>
- that is specified by the <code>action</code> attribute.
- You <strong>must</strong> specify an <code>action</code>
- attribute for this to have an effect.</p>
+ contains the action mapping for the <code>Action</code>
+ that is specified by the <code>action</code> attribute.
+ You <strong>must</strong> specify an <code>action</code>
+ attribute for this to have an effect.</p>
<p>
<strong>Note: </strong>Use "" to map to the default module.</p>
]]>
@@ -3907,7 +3907,7 @@
<code>href</code> attribute, the <code>linkName</code>
attribute, or the <code>page</code> attribute.</p>
<p>Additionally, you can specify a <code>module</code> prefix
- for linking to other modules.</p>
+ for linking to other modules.</p>
]]>
</description>
</attribute>
@@ -3918,10 +3918,10 @@
<description>
<![CDATA[
<p>Prefix name of a <code>Module</code> that
- contains the action mapping for the <code>Action</code>
- that is specified by the <code>action</code> attribute.
- You <strong>must</strong> specify an <code>action</code>
- attribute for this to have an effect.</p>
+ contains the action mapping for the <code>Action</code>
+ that is specified by the <code>action</code> attribute.
+ You <strong>must</strong> specify an <code>action</code>
+ attribute for this to have an effect.</p>
<p>
<strong>Note: </strong>Use "" to map to the default module.</p>
]]>
@@ -4907,6 +4907,19 @@
</description>
</attribute>
<attribute>
+ <name>filter</name>
+ <required>false</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>boolean</type>
+ <description>
+ <![CDATA[
+ Set to <code>true</code> if you want the option label to be
+ filtered for sensitive characters in HTML. By default, such
+ a value is NOT filtered.
+ ]]>
+ </description>
+ </attribute>
+ <attribute>
<name>key</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
@@ -6372,7 +6385,7 @@
<code>href</code> attribute, or the <code>page</code>
attribute.</p>
<p>Additionally, you can specify a <code>module</code> prefix
- for linking to other modules.</p>
+ for linking to other modules.</p>
<dl><dt><b>Since:</b></dt>
<dd>Struts 1.2.0</dd></dl>
]]>
@@ -6385,10 +6398,10 @@
<description>
<![CDATA[
<p>Prefix name of a <code>Module</code> that
- contains the action mapping for the <code>Action</code>
- that is specified by the <code>action</code> attribute.
- You <strong>must</strong> specify an <code>action</code>
- attribute for this to have an effect.</p>
+ contains the action mapping for the <code>Action</code>
+ that is specified by the <code>action</code> attribute.
+ You <strong>must</strong> specify an <code>action</code>
+ attribute for this to have an effect.</p>
<p>
<strong>Note: </strong>Use "" to map to the default module.</p>
]]>
@@ -8131,8 +8144,8 @@
</p>
<p>
<strong>Note</strong>: Included pages do not inherit the rendering
- style of the including page. Each JSP fragment or Tile must use this
- tag to render as XHTML.
+ style of the including page. Each JSP fragment or Tile must use this
+ tag to render as XHTML.
</p>
]]>
</description>
Modified: struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/OptionTag.java
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/OptionTag.java?rev=436618&r1=436617&r2=436618&view=diff
==============================================================================
--- struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/OptionTag.java (original)
+++ struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/OptionTag.java Thu Aug 24 19:19:42 2006
@@ -42,6 +42,7 @@
MessageResources.getMessageResources(Constants.Package
+ ".LocalStrings");
+
/**
* The message text to be displayed to the user for this tag (if any)
*/
@@ -61,6 +62,11 @@
protected boolean disabled = false;
/**
+ * Should the label be filtered for HTML sensitive characters?
+ */
+ protected boolean filter = false;
+
+ /**
* The key used to look up the text displayed to the user for this option,
* if any.
*/
@@ -110,6 +116,14 @@
this.disabled = disabled;
}
+ public boolean getFilter() {
+ return (this.filter);
+ }
+
+ public void setFilter(boolean filter) {
+ this.filter = filter;
+ }
+
public String getKey() {
return (this.key);
}
@@ -223,7 +237,12 @@
throws JspException {
StringBuffer results = new StringBuffer("<option value=\"");
- results.append(this.value);
+ if (filter) {
+ results.append(TagUtils.getInstance().filter(this.value));
+ }
+ else {
+ results.append(this.value);
+ }
results.append("\"");
if (disabled) {
Modified: struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld?rev=436618&r1=436617&r2=436618&view=diff
==============================================================================
--- struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld (original)
+++ struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld Thu Aug 24 19:19:42 2006
@@ -5247,6 +5247,19 @@
</description>
</attribute>
<attribute>
+ <name>filter</name>
+ <required>false</required>
+ <rtexprvalue>true</rtexprvalue>
+ <type>boolean</type>
+ <description>
+ <![CDATA[
+ Set to <code>true</code> if you want the option label to be
+ filtered for sensitive characters in HTML. By default, such
+ a value is NOT filtered.
+ ]]>
+ </description>
+ </attribute>
+ <attribute>
<name>key</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>