There is nothing wrong with struts.
There is a selenium test in roller that checks on the id
clickById("entry_%{#mainAction}!publish");
it now has:
entry____mainAction__publish
ie it escapes %{#}! with spaces.
To match other tags, it should evaluate %{#mainAction}
ie using the form below:
<form id="entry">
<s:set var="mainAction">entryEdit</s:set>
<s:submit action="%{#mainAction}!saveDraft"/>
</form>
entry_entryEdit_publish
Whether this is is needed or not is debatable, although it looks better.
But, it is just as easy to change the test to be:
entry____mainAction__publish.
On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <yasserzam...@apache.org> wrote:
> Sorry I didn't get what the problem exactly is.
>
> 1. Was your app depended to Struts internal behavior of id generation
> and so your app is broken now?
>
> 2. Or no, Struts itself is broken now by my change?
>
>
> On 4/11/2023 10:16 AM, Greg Huber wrote:
> > More housekeeping, the id on the form tag never supported %{..} on the
> > action attribute. ie action="%{#mainAction}!saveDraft"
> >
> > On 10/04/2023 20:37, Yasser Zamani wrote:
> >> Hi there, please see inline...
> >>
> >> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
> >>> The change has been introduced here [1] and the problem is that it
> >>> replaces any non-alphanumeric character with "_". Also it works on an
> >>> unevaluated version of the "name" attribute (in case if the "id"
> >>> attribute is not defined). I think this is a bug and I'm not sure why
> >>> the "escape" method has been changed in case of fixing double
> >>> evaluations (its main purpose was JavaScript-friendliness)
> >>
> >> Because it was also reported in same report by our last security
> >> report. It's required and is a common practice to avoid XSS.
> >>
> >> If some plugin has a problem with it, then it also need to be fixed
> >> (i.e. replace any non-alpha with _) because it's only for Struts
> >> internal usage and users shouldn't depend on Struts internal behavior.
> >>
> >> Best Regards,
> >> Yasser
> >>
> >>>
> >>> [1]
> >>>
> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
> >>>
> >>>
> >>> Regards
> >>> --
> >>> Łukasz
> >>> + 48 606 323 122 http://www.lenart.org.pl/
> >>>
> >>> sob., 1 kwi 2023 o 12:43 Greg Huber <gregh3...@gmail.com> napisał(a):
> >>>>
> >>>> Maybe a user question (sorry)
> >>>>
> >>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
> >>>> seems to get the "id" wrong? ...but the "name" correct.
> >>>>
> >>>> eg:
> >>>>
> >>>> <s:set var="mainAction">entryEdit</s:set>
> >>>>
> >>>> <s:submit cssClass="btn btn-warning"
> >>>> value="%{getText('weblogEdit.save')}"
> >>>> action="%{#mainAction}!saveDraft"/>
> >>>>
> >>>> renders:
> >>>>
> >>>> <input type="submit" value="Save as Draft"
> >>>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
> >>>> class="btn btn-warning">
> >>>>
> >>>>
> >>>> Should be
> >>>>
> >>>> <input type="submit" value="Save as Draft"
> >>>> id="entry_entryAdd_saveDraft"
> >>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
> >>>>
> >>>>
> >>>> #####
> >>>>
> >>>> If I try it on my app it does the same thing
> >>>>
> >>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
> >>>> method="post">
> >>>>
> >>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
> >>>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
> >>>> accesskey="s" />
> >>>>
> >>>> </form>
> >>>>
> >>>> renders:
> >>>>
> >>>> <input name="action:myConfig!save" type="submit" value="Save"
> >>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
> >>>>
> >>>>
> >>>> should be
> >>>>
> >>>> <input name="action:myConfig!save" type="submit" value="Save"
> >>>> id="myConfig_myConfig_save" accesskey="s">
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >>>> For additional commands, e-mail: dev-h...@struts.apache.org
> >>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >>> For additional commands, e-mail: dev-h...@struts.apache.org
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> >> For additional commands, e-mail: dev-h...@struts.apache.org
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> > For additional commands, e-mail: dev-h...@struts.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>
