Issue Details (XML | Word | Printable)

Key: JELLY-66
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: dion gillard
Reporter: Knut Wannheden
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Commons Jelly

tag body as unescaped xml

Created: 28/Jul/03 09:32 AM   Updated: 07/Sep/04 04:19 PM
Component/s: core / taglib.core
Affects Version/s: None
Fix Version/s: 1.0-beta-4

Time Tracking:
Not Specified

File Attachments:
  File Name Date Attached Attached By Size
Text File xmloutput-noescape-patch.txt 2003-09-04 03:48 PM Knut Wannheden 1 kB

Resolution Date: 07/Sep/04 04:19 PM


 Description  « Hide
(I've reported this problem to commons-user before. See thread "[jelly] body as unescaped xml".)

The following snippet exposes the problem:

<j:set var="foo">
<foo/>
</j:set>
${foo}

I expected the output to be "<foo></foo>" (or "<foo/>") but it is actually "<foo></foo>".

The problem is that there is no way to control this behaviour. The reason is that the factory methods of XMLOutput by default return an instance which escapes body text with XML entities (as in the example). In many applications this makes sense, but ss Jelly is primarily a tool to manipulate XML, I think the default should be not to escape XML. (Also read the discussion in http://www.mail-archive.com/commons-user@jakarta.apache.org/msg02750.html.)

In the example the variable "foo" actually gets assigned the String value "<foo></foo>", which is escaped when it's dereferenced using "${foo}". The question is whether the value should really be a String. Shouldn't it really be XML?

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
peter royal added a comment - 04/Sep/03 04:16 AM
I would propose a new tag that captures its body as XML.

[ Permlink | « Hide ]
Knut Wannheden added a comment - 04/Sep/03 09:33 AM
I suppose this is really two problems then. The first being that <j:set> sets the value of the variable to a String value even though the body is XML. And the second being that XMLOutput by default escapes text using XML entities.

But of course these two are linked to each other. If just one of them is fixed my problem is solved.

The first one probably requires some thought and should maybe be implemented using a new tag as you say.

The second one is really easy to solve, and makes a lot of sense IMHO. Also it makes a workaround for the first problem possible:

<j:set var="foo">
<foo/>
</j:set>
<xml:parse var="foo">
${foo}
</xml:parse>

Of course that would already be possible now, but you would have to do the second step like this:

<xml:parse var="foo" text="${foo}"/>

Now that these two don't behave the same is really ugly.


[ Permlink | « Hide ]
Knut Wannheden added a comment - 04/Sep/03 09:37 AM
Also note that changing XMLOutput's default behaviour would also make the patch of JELLY-55 unnecessary. Or should there maybe be a "global" attribute "escapexml" to control this? Much like the "trim" attribute.

[ Permlink | « Hide ]
dion gillard added a comment - 04/Sep/03 10:16 AM
Yep, escaping XML keeps biting Jelly.

At some point in the past the default was the opposite....

I'd much prefer it didn't escape XML.


[ Permlink | « Hide ]
Knut Wannheden added a comment - 04/Sep/03 03:48 PM
Patch for XMLOutput. This patch changes the default behaviour of XMLOutput in such a way that the default static factory methods create instances which don't escape text using XML entities.

[ Permlink | « Hide ]
dion gillard added a comment - 30/Aug/04 02:16 AM
There are methods in XmlOutput to create XmlOutput with escaping turned on.

I'd rather we look at using those than brute force.


[ Permlink | « Hide ]
dion gillard added a comment - 02/Sep/04 06:39 AM
You can use the core:file tag for this as well.

[ Permlink | « Hide ]
dion gillard added a comment - 07/Sep/04 04:16 AM
Do we have tests for the set tag and it's encode attribute?

[ Permlink | « Hide ]
dion gillard added a comment - 07/Sep/04 04:26 AM
I've committed a change that will allow us to switch the default easily.

My take is that we switch it to false, so that XML text is not escaped as the default.

If someone wants escaping on, they can easily create an XMLOutput with it on using the
createXMLOutput(Writer writer, boolean escapeText) or createXMLOutput(OutputStream out, boolean escapeText)

methods.


[ Permlink | « Hide ]
Knut Wannheden added a comment - 07/Sep/04 06:44 AM
If I understand this last comment correctly, then the decision is to now apply the patch I submitted just about a year ago. Is this correct?

[ Permlink | « Hide ]
dion gillard added a comment - 07/Sep/04 07:54 AM
Yep. It's taken that long to get people interested

[ Permlink | « Hide ]
dion gillard added a comment - 07/Sep/04 04:19 PM
Made the default not to escape. Please re-open if this is an issue


Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators