Wicket
  1. Wicket
  2. WICKET-4777

JavaScriptReference escapes given URL

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.2.0, 1.5.9
    • Component/s: None
    • Labels:
      None

      Description

      while trying to integrate gmaps3 in our webapp i had issues with the wicketstuff-gmap3 stuff ( - we need a client-id for our request) ...

      so i have:

      public static final String GMAP_API_URL = "%s://maps.google.com/maps/api/js?v=3&sensor=%s&client-id=%s";
      
      response.render(JavaScriptHeaderItem.forUrl(String.format(GMAP_API_URL, schema, sensor, clientid)));
      

      the rendered result of this is:

      <script type="text/javascript" src="http://maps.google.com/maps/api/js?v=3&amp;sensor=false&amp;client-id=...."></script>
      

      so the requestparameters are encoded

      which is happening in the JavaScriptUtils Helper:

      public static void writeJavaScriptUrl(final Response response, final CharSequence url, final String id, boolean defer, String charset)
      {
              response.write("<script type=\"text/javascript\" ");
              if (id != null)
              {
                  response.write("id=\"" + Strings.escapeMarkup(id) + "\" ");
              }
              if (defer)
              {
                  response.write("defer=\"defer\" ");
              }
              if (charset != null)
              {
                  response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" ");
              }
              response.write("src=\"");
              response.write(Strings.escapeMarkup(url));
              response.write("\"></script>");
              response.write("\n");
      }
      

      but ... is this right to escape the url?

      when i open the above mentioned script, google tells me i have no parameter "sensor" ... which i can understand as ther is only a parameter amp ...

        Activity

        Hide
        Martin Grigorov added a comment -

        Now Wicket escapes the url in Ajax requests and render the non-escaped url in normal requests.

        Show
        Martin Grigorov added a comment - Now Wicket escapes the url in Ajax requests and render the non-escaped url in normal requests.
        Hide
        Georg Buschbeck added a comment -

        in our code i now inherited form GMap, overiding Gmap#renderHead():

        if (WicketHelper.isAjaxRequest())

        { // FIX WICKET-4777 response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"" + Strings.escapeMarkup(schema + "://maps.google.com/maps/api/js?v=3&sensor=false&") + "\"></script>")); }

        else

        { response.render(JavaScriptHeaderItem.forUrl(schema + "://maps.googleapis.com/maps/api/js?sensor=" + false + "&callback=initialize")); }

        which solved the ajax problems for us

        Show
        Georg Buschbeck added a comment - in our code i now inherited form GMap, overiding Gmap#renderHead(): if (WicketHelper.isAjaxRequest()) { // FIX WICKET-4777 response.render(new StringHeaderItem("<script type=\"text/javascript\" src=\"" + Strings.escapeMarkup(schema + "://maps.google.com/maps/api/js?v=3&sensor=false&") + "\"></script>")); } else { response.render(JavaScriptHeaderItem.forUrl(schema + "://maps.googleapis.com/maps/api/js?sensor=" + false + "&callback=initialize")); } which solved the ajax problems for us
        Hide
        Martin Grigorov added a comment -

        This doesn't solve the problem.
        It still sees an entity: &callback without the closing ;

        Show
        Martin Grigorov added a comment - This doesn't solve the problem. It still sees an entity: &callback without the closing ;
        Hide
        Martin Grigorov added a comment -

        The problem is at org.wicketstuff.gmap.GMap#renderHead() :
        response.render(JavaScriptHeaderItem.forUrl("http://maps.googleapis.com/maps/api/js?sensor=" + sensor + "&callback=initialize;"));

        Show
        Martin Grigorov added a comment - The problem is at org.wicketstuff.gmap.GMap#renderHead() : response.render(JavaScriptHeaderItem.forUrl("http://maps.googleapis.com/maps/api/js?sensor=" + sensor + "&callback=initialize;"));
        Hide
        Martin Grigorov added a comment -

        For me the rendered script is:
        <script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&callback=initialize;"></script>

        Notice the ';' at the end of the url. I'll debug why it is there.

        Show
        Martin Grigorov added a comment - For me the rendered script is: <script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&callback=initialize;"></script> Notice the ';' at the end of the url. I'll debug why it is there.
        Hide
        Georg Buschbeck added a comment -

        Hi

        one addition, so i've seen you've fixed that issue (WICKET-4777) , but i think, there is a part missing, which i also didn't think of.

        on the delivered page the html code looks fine now (switched to 6.2.0-SNAPSHOT).
        -snip-
        <script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&client-id=google-id&callback=initialize"></script>
        -snap-
        when doing an ajax request whose response contains that rendered url it is represented the same way ..

        -snip-
        <header-contribution encoding="wicket1" ><![CDATA[<head xmlns:wicket="http://wicket.apache.org"><script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&client-id=google-id&callback=initialize"></script>
        -snap-

        which at this point leads to an javascript error:
        -snip-
        ERROR: Error in parsing: This page contains the following errors:error on line 1 at column 98: EntityRef: expecting ';'
        Below is a rendering of the page up to the first error.
        -snap-

        so i guess, it has to be escaped?

        Thanks,

        Georg

        Show
        Georg Buschbeck added a comment - Hi one addition, so i've seen you've fixed that issue ( WICKET-4777 ) , but i think, there is a part missing, which i also didn't think of. on the delivered page the html code looks fine now (switched to 6.2.0-SNAPSHOT). - snip - <script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&client-id=google-id&callback=initialize"></script> - snap - when doing an ajax request whose response contains that rendered url it is represented the same way .. - snip - <header-contribution encoding="wicket1" ><![CDATA[<head xmlns:wicket="http://wicket.apache.org"><script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false&client-id=google-id&callback=initialize"></script> - snap - which at this point leads to an javascript error: - snip - ERROR: Error in parsing: This page contains the following errors:error on line 1 at column 98: EntityRef: expecting ';' Below is a rendering of the page up to the first error. - snap - so i guess, it has to be escaped? Thanks, Georg

          People

          • Assignee:
            Martin Grigorov
            Reporter:
            Georg Buschbeck
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development