Author: pedro
Date: Tue Jan 11 16:35:59 2011
New Revision: 1057719
URL: http://svn.apache.org/viewvc?rev=1057719&view=rev
Log:
fix/preventing double escaped URL at behavior an form action attribute
Issue: WICKET-2829
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/ajax/AjaxEventBehavior.java
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/form/Form.java
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/BehaviorUrlTest.java
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/MockPageParametersAware.java
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/markup/html/form/FormTest.java
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/ajax/AjaxEventBehavior.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/ajax/AjaxEventBehavior.java?rev=1057719&r1=1057718&r2=1057719&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/ajax/AjaxEventBehavior.java
(original)
+++
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/ajax/AjaxEventBehavior.java
Tue Jan 11 16:35:59 2011
@@ -108,20 +108,9 @@ public abstract class AjaxEventBehavior
Component myComponent = getComponent();
if (myComponent.isEnabledInHierarchy())
{
- tag.put(event, escapeAttribute(getEventHandler()));
+ tag.put(event, getEventHandler());
}
}
-
- private CharSequence escapeAttribute(final CharSequence attr)
- {
- if(null == attr)
- {
- return null;
- }
- CharSequence escaped = Strings.escapeMarkup(attr.toString());
- // No need to escape the apostrophe; it just clutters the markup
- return Strings.replaceAll(escaped, "'", "'");
- }
/**
*
Modified:
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/form/Form.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/form/Form.java?rev=1057719&r1=1057718&r2=1057719&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/form/Form.java
(original)
+++
wicket/trunk/wicket-core/src/main/java/org/apache/wicket/markup/html/form/Form.java
Tue Jan 11 16:35:59 2011
@@ -1410,7 +1410,7 @@ public class Form<T> extends WebMarkupCo
}
else
{
- tag.put("action", Strings.escapeMarkup(url));
+ tag.put("action", url);
}
if (isMultiPart())
Modified:
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/BehaviorUrlTest.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/test/java/org/apache/wicket/BehaviorUrlTest.java?rev=1057719&r1=1057718&r2=1057719&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/BehaviorUrlTest.java
(original)
+++
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/BehaviorUrlTest.java
Tue Jan 11 16:35:59 2011
@@ -16,6 +16,8 @@
*/
package org.apache.wicket;
+import org.apache.wicket.ajax.AjaxEventBehavior;
+import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.behavior.Behavior;
import org.apache.wicket.behavior.IBehaviorListener;
import org.apache.wicket.markup.ComponentTag;
@@ -23,8 +25,11 @@ import org.apache.wicket.markup.IMarkupR
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.model.Model;
+import org.apache.wicket.request.IRequestParameters;
import org.apache.wicket.util.resource.IResourceStream;
import org.apache.wicket.util.resource.StringResourceStream;
+import org.apache.wicket.util.string.StringValue;
+import org.apache.wicket.util.string.Strings;
public class BehaviorUrlTest extends WicketTestCase
@@ -113,4 +118,50 @@ public class BehaviorUrlTest extends Wic
{
}
}
+
+
+ /**
+ *
+ */
+ public void testBehaviorUrlNotDoubleEscaped()
+ {
+ tester.startPage(EscapeTestPage.class);
+
+ String response = tester.getLastResponseAsString();
+
assertTrue(response.contains(Strings.escapeMarkup(EscapeTestPage.TEST_QUERY_STRING)));
+
+ tester.executeAjaxEvent("form:textfield", "onchange");
+
+ EscapeTestPage testPage =
(EscapeTestPage)tester.getLastRenderedPage();
+ IRequestParameters lastParameters =
testPage.getLastQueryParameters();
+ assertEquals(StringValue.valueOf("value_1"),
lastParameters.getParameterValue("query_p_1"));
+ }
+
+ /** */
+ public static class EscapeTestPage extends MockPageParametersAware
+ {
+ private static final long serialVersionUID = 1L;
+ /** */
+ public static final String TEST_QUERY_STRING =
"&query_p_1=value_1";
+
+ /** */
+ public EscapeTestPage()
+ {
+ getTextField().add(new AjaxEventBehavior("onchange")
+ {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public CharSequence getCallbackUrl()
+ {
+ return super.getCallbackUrl() +
TEST_QUERY_STRING;
+ }
+
+ @Override
+ protected void onEvent(AjaxRequestTarget target)
+ {
+ }
+ });
+ }
+ }
}
\ No newline at end of file
Modified:
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/MockPageParametersAware.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/test/java/org/apache/wicket/MockPageParametersAware.java?rev=1057719&r1=1057718&r2=1057719&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/MockPageParametersAware.java
(original)
+++
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/MockPageParametersAware.java
Tue Jan 11 16:35:59 2011
@@ -39,16 +39,22 @@ public class MockPageParametersAware ext
private IRequestParameters lastQueryParameters;
private IRequestParameters lastPostParameters;
+ private TextField<String> textField;
/** */
public MockPageParametersAware()
{
- Form<Void> form = new Form<Void>("form");
- TextField<String> textField = new
TextField<String>("textfield", Model.of(""));
+ Form<Void> form = newForm("form");
+ textField = new TextField<String>("textfield", Model.of(""));
form.add(textField);
add(form);
}
+ protected Form<Void> newForm(String id)
+ {
+ return new Form<Void>(id);
+ }
+
@Override
protected void onDetach()
{
@@ -90,6 +96,14 @@ public class MockPageParametersAware ext
}
+ /**
+ * @return textField
+ */
+ public TextField<String> getTextField()
+ {
+ return textField;
+ }
+
public IResourceStream getMarkupResourceStream(MarkupContainer
container,
Class<?> containerClass)
{
Modified:
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/markup/html/form/FormTest.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket-core/src/test/java/org/apache/wicket/markup/html/form/FormTest.java?rev=1057719&r1=1057718&r2=1057719&view=diff
==============================================================================
---
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/markup/html/form/FormTest.java
(original)
+++
wicket/trunk/wicket-core/src/test/java/org/apache/wicket/markup/html/form/FormTest.java
Tue Jan 11 16:35:59 2011
@@ -16,7 +16,9 @@
*/
package org.apache.wicket.markup.html.form;
+import org.apache.wicket.MockPageParametersAware;
import org.apache.wicket.WicketTestCase;
+import org.apache.wicket.util.string.Strings;
import org.apache.wicket.util.visit.IVisitor;
@@ -59,4 +61,38 @@ public class FormTest extends WicketTest
{
executeTest(FormMethodTestPage.class,
"FormMethodTestPage_expected.html");
}
+
+ /**
+ *
+ */
+ public void testActionUrlNotDoubleEscaped()
+ {
+ tester.startPage(TestPage.class);
+ String response = tester.getLastResponseAsString();
+
assertTrue(response.contains(Strings.escapeMarkup(TestPage.TEST_QUERY_STRING)));
+ }
+
+ /** */
+ public static class TestPage extends MockPageParametersAware
+ {
+ private static final long serialVersionUID = 1L;
+ /** */
+ public static final String TEST_QUERY_STRING =
"&query_p_1=value_1";
+
+ @Override
+ protected Form<Void> newForm(String id)
+ {
+ return new Form<Void>(id)
+ {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected CharSequence getActionUrl()
+ {
+ return super.getActionUrl() +
TEST_QUERY_STRING;
+ }
+ };
+ }
+
+ }
}
