[ https://issues.apache.org/jira/browse/SLING-5461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15320241#comment-15320241 ]

Konrad Windszus edited comment on SLING-5461 at 6/8/16 10:51 AM:
-----------------------------------------------------------------

The reason why this is really crucial is that Sightly also escapes 
incorrectly. So while
{code}
<div data-foo='{"key1": { "subobject": "test" } }' />
{code}
is correctly converted to 
{code}
<div data-foo="{&quot;key1&quot;: { &quot;subobject&quot;: &quot;test&quot; } }"/>
{code}
(before this fix was applied),

an attribute containing an expression is not correctly escaped. 
So this:
{code}
<div data-bar='{"key": "${currentPage.title}" }' />
{code}
becomes invalid HTML
{code}
<div data-bar="{"key": "<whatever value $currentPage.title resolves to>" }" />
{code}

[~radu.cotescu] Do you want me to open a separate bug for this? So far I only 
reproduced with "Sightly Engine 1.0.2".


was (Author: kwin):
The reason why this is really crucial is that Sightly also escapes 
incorrectly. So while
{code}
<div data-foo='{"key1": { "subobject": "test" } }' />
{code}
is correctly converted to 
{code}
<div data-foo="{&quot;key1&quot;: { &quot;subobject&quot;: &quot;test&quot; } }"/>
{code}
(before this fix was applied),

on the other hand Sightly containing expressions is not correctly escaped. 
So this:
{code}
<div data-bar='{"key": "${currentPage.title}" }' />
{code}
becomes invalid HTML
{code}
<div data-bar="{"key": "<whatever value $currentPage.title resolves to>" }" />
{code}

[~radu.cotescu] Do you want me to open a separate bug for this? So far I only 
reproduced with "Sightly Engine 1.0.2".

> Sightly quotes all markup attributes' values with double quotes
> ---------------------------------------------------------------
>
>                 Key: SLING-5461
>                 URL: https://issues.apache.org/jira/browse/SLING-5461
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting Sightly Engine 1.0.0
>            Reporter: Radu Cotescu
>            Assignee: Radu Cotescu
>             Fix For: Scripting Sightly Engine 1.0.12
>
>
> Irrespective of how HTML attributes are quoted in a Sightly script, the 
> resulting output will always use double quotes ({{"}}), which will break 
> attributes that have been defined in the script to use single quotes ({{'}}).
> This issue affects developers who would like to define JSON structures in 
> {{data-}} attributes.
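
The escaping problem described in the comment above, as an added example that is not part of the original message and not Sightly's own code: when an attribute is re-quoted with double quotes, the expression result has to be encoded for the JSON string it sits in and then the whole value escaped for the HTML attribute. The helper names (`escapeAttr`, `renderUnescaped`, `renderEscaped`, `readAttr`) and the sample title are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not Sightly's implementation.
// Escape a string for use inside a double-quoted HTML attribute value.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Matches ${name.with.dots} placeholders such as ${currentPage.title}.
const EXPR = /\$\{([\w.]+)\}/g;

// Behaviour reported in the comment: the attribute is re-quoted with double
// quotes, but neither the static JSON text nor the expression result is escaped.
function renderUnescaped(name, template, vars) {
  const value = template.replace(EXPR, (_, key) => String(vars[key]));
  return `<div ${name}="${value}"/>`;
}

// Hardened form: encode the expression result as JSON string content (inner
// context), then HTML-escape the complete attribute value (outer context).
function renderEscaped(name, template, vars) {
  const value = template.replace(EXPR, (_, key) =>
    JSON.stringify(String(vars[key])).slice(1, -1));
  return `<div ${name}="${escapeAttr(value)}"/>`;
}

// Minimal reader: take the attribute value the way an HTML parser delimits it
// (up to the first literal double quote), then decode the entities used above.
function readAttr(html, name) {
  const match = html.match(new RegExp(`${name}="([^"]*)"`));
  if (!match) return null;
  return match[1]
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Constructed sample input: a title containing both quote styles and markup.
const TEMPLATE = '{"key": "${currentPage.title}" }';
const VARS = { 'currentPage.title': 'Tom\'s "Home" <page>' };

const broken = readAttr(renderUnescaped('data-bar', TEMPLATE, VARS), 'data-bar');
const intact = readAttr(renderEscaped('data-bar', TEMPLATE, VARS), 'data-bar');
console.log('unescaped attribute value seen by a parser:', broken);
console.log('escaped attribute value parses as JSON:', JSON.parse(intact));
```

With the unescaped rendering the attribute value ends at the first quote of the JSON text, so everything after it is parsed as further markup; with both layers applied the value round-trips to the original title.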


