Stripes

Stripes does not HTML encode option labels generated with options-collection/options-enumeration

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: Release 1.4, Release 1.5
  • Fix Version/s: Release 1.5.1, Release 1.6
  • Component/s: Tag Library
  • Labels:
    None

Description

Do stripes:* tags encode html entities? I encounter some un-encoded labels with stripes:options-collection (specifically, bare "&" that didn't translate to "&amp;" between the rendered <option...>...</option> tags). This may also apply to other tags...

Preferred change to Stripes: ensure that everything rendered by any Stripes tag (other than stripes:url) is html-encoded correctly.

Activity

Tim Fennell added a comment - 03/Sep/06 12:27 PM

Turns out that Stripes actually does HTML encode all attributes on input tags.... But option labels are output as the body of the option tag, and were not being encoded. I've changed this to encode the option label too.

John Newman added a comment - 11/Dec/08 4:34 PM

I think this may not be correct

if I do this using regular html tags:

<option value="1">Parent Option</option>
<option value="2">&nbsp;&nbsp;&nbsp;Child Option 1</option>
<option value="2">&nbsp;&nbsp;&nbsp;Child Option 2</option>

the select widget puts white spaces in the options to tab them over

but if I use the stripes tags:

<stripes:option value="1">Parent Option</stripes:option>
<stripes:option value="2">&nbsp;&nbsp;&nbsp;Child Option 1</stripes:option>
<stripes:option value="3">&nbsp;&nbsp;&nbsp;Child Option 2</stripes:option>

The options literally have &nbsp; in them... if I replace that with whitespace it gets trimmed... so is there any way I can space options over for nesting and still get the form repopulation that the stripes tags buy? I can use regular html tags but lose the repopulation...

Thanks!

John Newman added a comment - 11/Dec/08 4:35 PM

also using the label="" attribute instead of the tag body behaves no differently

Ben Gunter added a comment - 26/Feb/09 4:11 PM

This change has made it impossible to generate an option label with HTML character entities in them. I'm looking into fixing that.

Ben Gunter added a comment - 03/Mar/09 9:19 AM

Fixed in a less restrictive way. If the label attribute is used to generate the option's body then its value is HTML-encoded. But if the tag body is used its value is not HTML-encoded. Instead, the value must be encoded some other way, such as <c:out escapeXml="true" value="${value}" />. (But if you're going to do that, then you might as well just use label="${value}".) I added a paragraph to the TLD to document this behavior.
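
The label-versus-body behaviour described in the 03/Mar/09 comment, as an added example that is not part of the original thread or the Stripes code base. The `categories` collection, its `id` and `name` properties, and the `category` field name are assumptions made for illustration.

```jsp
<%-- Added example, not Stripes project code. Fragment: place it inside an existing <stripes:form>. --%>
<%-- Assumed: a request attribute "categories" whose items expose "id" and "name". --%>
<%@ taglib prefix="stripes" uri="http://stripes.sourceforge.net/stripes.tld" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- 1. label attribute: Stripes HTML-encodes the value, so a name such as
        "Fish & Chips" is rendered as "Fish &amp; Chips" and markup in the data stays inert. --%>
<stripes:select name="category">
  <c:forEach var="cat" items="${categories}">
    <stripes:option value="${cat.id}" label="${cat.name}"/>
  </c:forEach>
</stripes:select>

<%-- 2. Tag body with bare EL: the body is written out as-is, with no encoding.
        Any "&", "<" or ">" in the data reaches the page unchanged, so this form
        is only appropriate for static text written by the page author. --%>
<stripes:select name="category">
  <c:forEach var="cat" items="${categories}">
    <stripes:option value="${cat.id}">${cat.name}</stripes:option>
  </c:forEach>
</stripes:select>

<%-- 3. Tag body with author-written entities plus data: the &nbsp; indentation is
        literal markup and passes through, while the data part is encoded explicitly
        with c:out. This keeps nested-option indentation without emitting raw data. --%>
<stripes:select name="category">
  <c:forEach var="cat" items="${categories}">
    <stripes:option value="${cat.id}">&nbsp;&nbsp;&nbsp;<c:out escapeXml="true" value="${cat.name}"/></stripes:option>
  </c:forEach>
</stripes:select>
```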


Dates

  • Created: 28/Aug/06 4:39 PM
  • Updated: 04/Jan/11 2:48 PM
  • Resolved: 03/Mar/09 9:19 AM