Wicket
  1. Wicket
  2. WICKET-4777

JavaScriptReference escapes given URL

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.2.0, 1.5.9
    • Component/s: None
    • Labels:
      None

      Description

      while trying to integrate gmaps3 in our webapp i had issues with the wicketstuff-gmap3 stuff ( - we need a client-id for our request) ...

      so i have:

      public static final String GMAP_API_URL = "%s://maps.google.com/maps/api/js?v=3&sensor=%s&client-id=%s";
      
      response.render(JavaScriptHeaderItem.forUrl(String.format(GMAP_API_URL, schema, sensor, clientid)));
      

      the rendered result of this is:

      <script type="text/javascript" src="http://maps.google.com/maps/api/js?v=3&amp;sensor=false&amp;client-id=...."></script>
      

      so the requestparameters are encoded

      which is happening in the JavaScriptUtils Helper:

      public static void writeJavaScriptUrl(final Response response, final CharSequence url, final String id, boolean defer, String charset)
      {
              response.write("<script type=\"text/javascript\" ");
              if (id != null)
              {
                  response.write("id=\"" + Strings.escapeMarkup(id) + "\" ");
              }
              if (defer)
              {
                  response.write("defer=\"defer\" ");
              }
              if (charset != null)
              {
                  response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" ");
              }
              response.write("src=\"");
              response.write(Strings.escapeMarkup(url));
              response.write("\"></script>");
              response.write("\n");
      }
      

      but ... is this right to escape the url?

      when i open the above mentioned script, google tells me i have no parameter "sensor" ... which i can understand as ther is only a parameter amp ...

        Activity

        Martin Grigorov made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Martin Grigorov made changes -
        Resolution Fixed [ 1 ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        Georg Buschbeck made changes -
        Attachment de.thomasdaily.WICKET4777.tgz [ 12548707 ]
        Martin Grigorov made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Martin Grigorov [ mgrigorov ]
        Fix Version/s 1.5.9 [ 12322962 ]
        Resolution Fixed [ 1 ]
        Martijn Dashorst made changes -
        Fix Version/s 6.2.0 [ 12323295 ]
        Fix Version/s 6.1.0 [ 12322957 ]
        Martin Grigorov made changes -
        Fix Version/s 6.1.0 [ 12322957 ]
        Georg Buschbeck made changes -
        Field Original Value New Value
        Description
        while trying to integrate gmaps3 in our webapp i had issues with the wicketstuff-gmap3 stuff ( - we need a client-id for our request) ...

        so i have:
        {code}
        public static final String GMAP_API_URL = "%s://maps.google.com/maps/api/js?v=3&sensor=%s&client-id=%s";

        response.render(JavaScriptHeaderItem.forUrl(String.format(GMAP_API_URL, schema, sensor, clientid)));
        {code}

        the rendered result of this is:
        {code}
        <script type="text/javascript" src="http://maps.google.com/maps/api/js?v=3&amp;sensor=false&amp;client-id=...."></script>
        {code}

        so the requestparameters are encoded

        which is happening in the JavaScriptUtils Helper:
        {code}
        public static void writeJavaScriptUrl(final Response response, final CharSequence url, final String id, boolean defer, String charset)
        {
                response.write("<script type=\"text/javascript\" ");
                if (id != null)
                {
                    response.write("id=\"" + Strings.escapeMarkup(id) + "\" ");
                }
                if (defer)
                {
                    response.write("defer=\"defer\" ");
                }
                if (charset != null)
                {
                    response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" ");
                }
                response.write("src=\"");
                response.write(Strings.escapeMarkup(url));
                response.write("\"></script>");
                response.write("\n");
        }
        {code}
        but ... is this right to escape the url?

        when i open the above mentioned script, google tells me i have no parameter "sensor" ... which i can understand as ther is only a parameter amp ...

        while trying to integrate gmaps3 in our webapp i had issues with the wicketstuff-gmap3 stuff ( - we need a client-id for our request) ...

        so i have:
        {noformat}
        public static final String GMAP_API_URL = "%s://maps.google.com/maps/api/js?v=3&sensor=%s&client-id=%s";

        response.render(JavaScriptHeaderItem.forUrl(String.format(GMAP_API_URL, schema, sensor, clientid)));
        {noformat}

        the rendered result of this is:
        {noformat}
        <script type="text/javascript" src="http://maps.google.com/maps/api/js?v=3&amp;sensor=false&amp;client-id=...."></script>
        {noformat}

        so the requestparameters are encoded

        which is happening in the JavaScriptUtils Helper:
        {noformat}
        public static void writeJavaScriptUrl(final Response response, final CharSequence url, final String id, boolean defer, String charset)
        {
                response.write("<script type=\"text/javascript\" ");
                if (id != null)
                {
                    response.write("id=\"" + Strings.escapeMarkup(id) + "\" ");
                }
                if (defer)
                {
                    response.write("defer=\"defer\" ");
                }
                if (charset != null)
                {
                    response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" ");
                }
                response.write("src=\"");
                response.write(Strings.escapeMarkup(url));
                response.write("\"></script>");
                response.write("\n");
        }
        {noformat}
        but ... is this right to escape the url?

        when i open the above mentioned script, google tells me i have no parameter "sensor" ... which i can understand as ther is only a parameter amp ...
        Georg Buschbeck created issue -

          People

          • Assignee:
            Martin Grigorov
            Reporter:
            Georg Buschbeck
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development