Posted to dev@tapestry.apache.org by "David Peterson (JIRA)" <de...@tapestry.apache.org> on 2007/06/26 17:42:25 UTC

[jira] Created: (TAPESTRY-1604) BeanEditForm outputs text values raw (no escaping of HTML characters)

BeanEditForm outputs text values raw (no escaping of HTML characters)
---------------------------------------------------------------------

                 Key: TAPESTRY-1604
                 URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
             Project: Tapestry
          Issue Type: Bug
            Reporter: David Peterson
            Priority: Critical
             Fix For: 5.0.5


Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.


import org.apache.tapestry.annotations.Persist;

public class Example {

    @Persist
    private MyBean myBean;

    public MyBean getMyBean() {
        return myBean;
    }

    public void setMyBean(MyBean myBean) {
        this.myBean = myBean;
    }
    
    public static class MyBean {
        private String fullName = "Fred \"Fredmeister\" Flintstone";

        public String getFullName() {
            return fullName;
        }

        public void setFullName(String fullName) {
            this.fullName = fullName;
        }
    }    
}


Example.html:

<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
<body>
	<t:beanEditForm object="myBean" />
</body>
</html>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org


[jira] Updated: (TAPESTRY-1604) Attributes of elements do not have entity values quoted (including the " character itself) resulting in invalid markup

Posted by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org>.
     [ https://issues.apache.org/jira/browse/TAPESTRY-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Howard M. Lewis Ship updated TAPESTRY-1604:
-------------------------------------------

    Summary: Attributes of elements do not have entity values quoted (including the &quot; character itself) resulting in invalid markup  (was: BeanEditForm outputs text values raw (no escaping of HTML characters))

Although this was originally posed as an issue on the BeanEditForm, it's actually part of the DOM implementation used to render pages in general.

> Attributes of elements do not have entity values quoted (including the &quot; character itself) resulting in invalid markup
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TAPESTRY-1604
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
>             Project: Tapestry
>          Issue Type: Bug
>    Affects Versions: 5.0.5
>            Reporter: David Peterson
>            Assignee: Howard M. Lewis Ship
>            Priority: Critical
>
> Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.
> import org.apache.tapestry.annotations.Persist;
> public class Example {
>     @Persist
>     private MyBean myBean;
>     public MyBean getMyBean() {
>         return myBean;
>     }
>     public void setMyBean(MyBean myBean) {
>         this.myBean = myBean;
>     }
> }
>     
> public class MyBean {
>         private String fullName = "Fred \"Fredmeister\" Flintstone";
>         public String getFullName() {
>             return fullName;
>         }
>         public void setFullName(String fullName) {
>             this.fullName = fullName;
>         }
> }
> Example.html:
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
> <body>
> 	<t:beanEditForm object="myBean" />
> </body>
> </html>



[jira] Updated: (TAPESTRY-1604) BeanEditForm outputs text values raw (no escaping of HTML characters)

Posted by "David Peterson (JIRA)" <de...@tapestry.apache.org>.
     [ https://issues.apache.org/jira/browse/TAPESTRY-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Peterson updated TAPESTRY-1604:
-------------------------------------

        Fix Version/s:     (was: 5.0.5)
          Description: 
Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.


import org.apache.tapestry.annotations.Persist;

public class Example {

    @Persist
    private MyBean myBean;

    public MyBean getMyBean() {
        return myBean;
    }

    public void setMyBean(MyBean myBean) {
        this.myBean = myBean;
    }
}
    
public class MyBean {
        private String fullName = "Fred \"Fredmeister\" Flintstone";

        public String getFullName() {
            return fullName;
        }

        public void setFullName(String fullName) {
            this.fullName = fullName;
        }
}


Example.html:

<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
<body>
	<t:beanEditForm object="myBean" />
</body>
</html>





  was:
Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.


import org.apache.tapestry.annotations.Persist;

public class Example {

    @Persist
    private MyBean myBean;

    public MyBean getMyBean() {
        return myBean;
    }

    public void setMyBean(MyBean myBean) {
        this.myBean = myBean;
    }
    
    public static class MyBean {
        private String fullName = "Fred \"Fredmeister\" Flintstone";

        public String getFullName() {
            return fullName;
        }

        public void setFullName(String fullName) {
            this.fullName = fullName;
        }
    }    
}


Example.html:

<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
<body>
	<t:beanEditForm object="myBean" />
</body>
</html>



    Affects Version/s: 5.0.5

This problem also occurs with the TextField component. It is not a problem with the TextArea component.

A workaround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator:

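import org.apache.tapestry.translator.StringTranslator;

// Escapes XML-significant characters in the value before it is sent to the client.
public class SafeStringTranslator extends StringTranslator {

    @Override
    public String toClient(String value) {
        return escapeXmlCharacters(super.toClient(value));
    }

    // '&' is replaced first so that the entities produced by the later
    // replacements are not escaped a second time.
    private String escapeXmlCharacters(String s) {
        return s
            .replace("&", "&amp;")
            .replace("\"", "&quot;")
            .replace(">", "&gt;")
            .replace("<", "&lt;");
    }
}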


> BeanEditForm outputs text values raw (no escaping of HTML characters)
> ---------------------------------------------------------------------
>
>                 Key: TAPESTRY-1604
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
>             Project: Tapestry
>          Issue Type: Bug
>    Affects Versions: 5.0.5
>            Reporter: David Peterson
>            Priority: Critical
>
> Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.
> import org.apache.tapestry.annotations.Persist;
> public class Example {
>     @Persist
>     private MyBean myBean;
>     public MyBean getMyBean() {
>         return myBean;
>     }
>     public void setMyBean(MyBean myBean) {
>         this.myBean = myBean;
>     }
> }
>     
> public class MyBean {
>         private String fullName = "Fred \"Fredmeister\" Flintstone";
>         public String getFullName() {
>             return fullName;
>         }
>         public void setFullName(String fullName) {
>             this.fullName = fullName;
>         }
> }
> Example.html:
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
> <body>
> 	<t:beanEditForm object="myBean" />
> </body>
> </html>

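The two messages above describe the same defect from both ends: attribute values written without entity quoting in the rendering layer, and a per-field workaround that escapes the value first. The following is an added example, not Tapestry's DOM code and not part of the original thread. It shows that the raw rendering of the reported fullName value is rejected by an XML parser, while the escaped rendering parses back to the original string. The class and method names (AttributeEscapingDemo, escapeAttr, renderInput, parsedValue) are hypothetical, and the check uses the JDK's built-in XML parser.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Added illustration, not Tapestry's DOM code; all names here are hypothetical.
public class AttributeEscapingDemo {
    // Escapes a string for use inside a double-quoted attribute value.
    // A single pass over the input means no entity is ever escaped twice.
    static String escapeAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Renders <input value="..."/> with or without escaping the value.
    static String renderInput(String value, boolean escape) {
        return "<input type=\"text\" value=\"" + (escape ? escapeAttr(value) : value) + "\"/>";
    }

    // Returns the value attribute as a parser sees it,
    // or null when the markup is not well-formed.
    static String parsedValue(String markup) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        try {
            return f.newDocumentBuilder().parse(new InputSource(new StringReader(markup)))
                    .getDocumentElement().getAttribute("value");
        } catch (SAXException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String fullName = "Fred \"Fredmeister\" Flintstone"; // value from the report
        for (boolean escape : new boolean[] {false, true}) {
            String markup = renderInput(fullName, escape);
            String seen = parsedValue(markup);
            System.out.println(markup + " -> parsed: " + seen + ", round-trips: " + fullName.equals(seen));
        }
    }
}
```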


[jira] Assigned: (TAPESTRY-1604) BeanEditForm outputs text values raw (no escaping of HTML characters)

Posted by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org>.
     [ https://issues.apache.org/jira/browse/TAPESTRY-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Howard M. Lewis Ship reassigned TAPESTRY-1604:
----------------------------------------------

    Assignee: Howard M. Lewis Ship

> BeanEditForm outputs text values raw (no escaping of HTML characters)
> ---------------------------------------------------------------------
>
>                 Key: TAPESTRY-1604
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
>             Project: Tapestry
>          Issue Type: Bug
>    Affects Versions: 5.0.5
>            Reporter: David Peterson
>            Assignee: Howard M. Lewis Ship
>            Priority: Critical
>
> Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.
> import org.apache.tapestry.annotations.Persist;
> public class Example {
>     @Persist
>     private MyBean myBean;
>     public MyBean getMyBean() {
>         return myBean;
>     }
>     public void setMyBean(MyBean myBean) {
>         this.myBean = myBean;
>     }
> }
>     
> public class MyBean {
>         private String fullName = "Fred \"Fredmeister\" Flintstone";
>         public String getFullName() {
>             return fullName;
>         }
>         public void setFullName(String fullName) {
>             this.fullName = fullName;
>         }
> }
> Example.html:
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
> <body>
> 	<t:beanEditForm object="myBean" />
> </body>
> </html>



[jira] Closed: (TAPESTRY-1604) Attributes of elements do not have entity values quoted (including the " character itself) resulting in invalid markup

Posted by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org>.
     [ https://issues.apache.org/jira/browse/TAPESTRY-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Howard M. Lewis Ship closed TAPESTRY-1604.
------------------------------------------

       Resolution: Fixed
    Fix Version/s: 5.0.6

> Attributes of elements do not have entity values quoted (including the &quot; character itself) resulting in invalid markup
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TAPESTRY-1604
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-1604
>             Project: Tapestry
>          Issue Type: Bug
>    Affects Versions: 5.0.5
>            Reporter: David Peterson
>            Assignee: Howard M. Lewis Ship
>            Priority: Critical
>             Fix For: 5.0.6
>
>
> Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into &quot; entities.
> import org.apache.tapestry.annotations.Persist;
> public class Example {
>     @Persist
>     private MyBean myBean;
>     public MyBean getMyBean() {
>         return myBean;
>     }
>     public void setMyBean(MyBean myBean) {
>         this.myBean = myBean;
>     }
> }
>     
> public class MyBean {
>         private String fullName = "Fred \"Fredmeister\" Flintstone";
>         public String getFullName() {
>             return fullName;
>         }
>         public void setFullName(String fullName) {
>             this.fullName = fullName;
>         }
> }
> Example.html:
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
> <body>
> 	<t:beanEditForm object="myBean" />
> </body>
> </html>
