[jira] Created: (MYFACES-1841) HtmlResponseWriterImpl.writeURIAttribute does not perform proper URLs encoding ( ex: & should be encoded in &)

Sun, 23 Mar 2008 13:11:32 -0700 

HtmlResponseWriterImpl.writeURIAttribute does not perform proper URLs encoding  
( ex: & should be encoded in &amp)
------------------------------------------------------------------------------------------------------------------

                 Key: MYFACES-1841
                 URL: https://issues.apache.org/jira/browse/MYFACES-1841
             Project: MyFaces Core
          Issue Type: Bug
          Components: General, Portlet_Support
    Affects Versions:  1.2.0, 1.1.5, 1.1.4
         Environment: Windows xp sp2->Jboss portal  2.4.2->tomcat 5.5 ->JSF 
portlet 
            Reporter: Lorenzo Cerulli


HtmlFormRenderer is the class in charge of rendering the UIForm component and 
all the required attibutes.
This class is in charge of rendering  for example the Form component  tinto 
<form id="foo" name="bar" 
action=/HelloWorldJSFPortletWindow?action=1&org.apache.myfaces.portlet.MyFacesGenericPortlet.VIEW_ID=%2FWEB-INF%2Fjsp%2Findex.
 .....> </form>

During the rendering process the form renderer uses  
HtmlResponseWriterImpl.writeURIAttribute to write the "action" attribute of the 
form component.

Generally speaking the action attribute should be acquired using 
"context.getApplication().getViewHandler().getActionURL(context, viewid))" and 
the result  MUST be encoded using 
"context.getExternalContext().encodeActionURL" before passing the url to the 
"HtmlResponseWriterImpl.writeURIAttribute(URL);" This way the URL will be well 
formed and will be correctly encoded in the action attribute.

Even if the HtmlFormRendererBase for example correctly implements this process 
the resulting URL is encoded in the action attribute without correctly 
transforming "&" in "&amp". The main reason is probably that internally the 
HtmlResponseWriterImpl.writeURIAttribute does not call 
org.apache.myfaces.shared_impl.renderkit.html.util.HTMLEncoder.encode before 
writing out the attribute.
The HTMLEncoder.encode  infact is called only if the URI starts with the 
"javascript:" prefix.
This is IMO an error and should be fixed.

This behaviour gives us some problem for exmaple with the W3C validator even 
with html 4.0 strict






-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to