Script contents should be enclosed in CDATA section for XML documents
---------------------------------------------------------------------
Key: SHALE-488
URL: https://issues.apache.org/struts/browse/SHALE-488
Project: Shale
Issue Type: Improvement
Components: Validator
Affects Versions: 1.0.4
Environment: XML content types, including XHTML
Reporter: Jeff Tsay
When the validator script gets rendered, it outputs raw Javascript inside the
<script>
tags. The Javascript includes characters like & which need to be escaped
or in a CDATA section in XML. For XUL or XHTML, this is a problem. I
guess that XHTML parsers are more lenient about this so that's why the
problem never showed up? Anyway the fix, which was also suggested by
Gary VanMatre, was to enclose the script contents in an XML CDATA
section. So in
src/main/java/org/apache/shale/validator/faces/ValidatorScript.java I have:
private void writeScriptStart(ResponseWriter writer) throws IOException {
writer.startElement("script", this);
writer.writeAttribute("type", "text/javascript", null);
writer.writeAttribute("language", "Javascript1.1", null);
writer.write("\n");
// jtsay added
// Enclose XML in CDATA so special characters can be used without
escaping.
if (!"text/html".equals(writer.getContentType())) {
writer.write("<![CDATA[\n");
}
}
and
private void writeScriptEnd(ResponseWriter writer) throws IOException {
// jtsay added
if (!"text/html".equals(writer.getContentType())) {
writer.write("\n]]>\n");
}
writer.write("\n");
writer.endElement("script");
}
This assumes if we are not rendering text/html, we must be rendering
some sort of XML. Sound reasonable?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
