It would be good to filter CDATA during PPR. I'd be happy to
apply a patch to the PPRResponseWriter that handles this,
but would also rather that component authors stop trying
to out-clever the ResponseWriter!
The best way to write out script contents is to just use
ResponseWriter.writeText(), not write(), and let the ResponseWriter
handle the details of making sure it's properly escaped
or not if unnecessary (which the Trinidad ResponseWriters
do).
-- Adam
On 8/23/07, Andrew Robinson <[EMAIL PROTECTED]> wrote:
> I have a component I was outputting script using the following code:
>
> RenderingContext arc = RenderingContext.getCurrentInstance();
> ResponseWriter writer = context.getResponseWriter();
> writer.startElement(XhtmlConstants.SCRIPT_ELEMENT, null);
> XhtmlRenderer.renderScriptDeferAttribute(context, arc);
> XhtmlRenderer.renderScriptTypeAttribute(context, arc);
> writer.write("\n//<![CDATA[\n");
> writer.write(script.toString());
> writer.write("\n//]]>\n");
> writer.endElement(XhtmlConstants.SCRIPT_ELEMENT);
>
> This code works fine when the page is rendered the first time, but
> fails for a PPR request. The reason is the embedded CDATA block. As it
> is legal to have these blocks in the script tag, this code should
> work. Instead Trinidad is adding additional CDATA tags around the
> code, which causes an error.
>
> I removed the CDATA code from my renderer, but I am afraid this could
> break 3rd party components. Shouldn't the PPR engine check for the
> presence of the CDATA element in a script tag?
>
