[jira] Commented: (MYFACES-1396) Too much escaping

Thu, 21 Dec 2006 04:40:48 -0800 

    [ 
http://issues.apache.org/jira/browse/MYFACES-1396?page=comments#action_12460244 
] 
            
Tomas Fischer commented on MYFACES-1396:
----------------------------------------

The main problem (for our project) ist that the escaping occurs at all. We need 
exactly the described behaviour - either no escaping at all or escaping the XML 
entities only.

For generating HTML content escaping international characters -> numeric values 
might be OK, for generating XML content (MIME type xxx/yyy+xml) is may be 
inacceptable and should be disabled. Escaping international characters -> named 
entities is not needed at all (if the former is available) and is dangerous as 
not every browser understands every named entity.


> Too much escaping
> -----------------
>
>                 Key: MYFACES-1396
>                 URL: http://issues.apache.org/jira/browse/MYFACES-1396
>             Project: MyFaces Core
>          Issue Type: Bug
>          Components: General
>            Reporter: Tomas Fischer
>         Assigned To: Martin Marinschek
>            Priority: Blocker
>         Attachments: test.jsf
>
>
> HTMLOutputText (which delegates to HTMLEncoder) escapes not only XML-invalid 
> charactres (like <, >, &), but also german umlauts. This is OK if generating 
> (X)HTML, but not OK if generating XML. However, according to the official 
> documentation to the outputText Tag the german umlauts should not be quoted: 
> If the "escape" attribute is not present, or it is present and its value is 
> "true" all angle brackets should be converted to the ampersand xx semicolon 
> syntax when rendering the value of the "value" attribute as the value of the 
> component.
> There is an automatic XML detection, but this is broken, as only predefined 
> MIME-types are recognized (application/xhtml+xml, application/xml, text/xml).
> This bug prevents using JSF for generating other content (e.g. SVG, MIME-type 
> image/svg+xml).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to