I think it was always wrong as the test is checking for : entry_%{#mainAction}!publish

clickById("entry_%{#mainAction}!publish")


On 14/04/2023 19:17, Yasser Zamani wrote:
Thank you for the explanation, Greg. Yes, I agree that previously it was looking better. Currently I am wondering how previous Struts was generating the id from an evaluated name! Because, as you see below, Struts is and was keeping the name property unchanged by introducing a local var named name:

    String name = findString(this.name); // previous version
    String translatedName = findString(this.name); // current version

You see, I just renamed local var name to translatedName to not confuse name with this.name. So I am wondering how _tmp_id = ...escape(name)...; uses an evaluated name in previous versions!

Regards.

On 4/12/2023 7:13 PM, Greg Huber wrote:
There is nothing wrong with struts.

There is a selenium test in roller that checks on the id

clickById("entry_%{#mainAction}!publish");

it now has:
entry____mainAction__publish

ie it escapes %{#}! with spaces.

To match other tags, it should evaluate %{#mainAction}

ie using the form below:

<form id="entry">
     <s:set var="mainAction">entryEdit</s:set>
     <s:submit action="%{#mainAction}!saveDraft"/>
</form>

entry_entryEdit_publish

Whether this is needed or not is debatable, although it looks better.

But, it is just as easy to change the test to be:
entry____mainAction__publish.


On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <yasserzam...@apache.org> wrote:

Sorry I didn't get what the problem exactly is.

1. Was your app dependent on Struts' internal behavior of id generation
and so your app is broken now?

2. Or no, Struts itself is broken now by my change?


On 4/11/2023 10:16 AM, Greg Huber wrote:
More housekeeping, the id on the form tag never supported %{..} on the
action attribute. ie action="%{#mainAction}!saveDraft"

On 10/04/2023 20:37, Yasser Zamani wrote:
Hi there, please see inline...

On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
The change has been introduced here [1] and the problem is that it
replaces any non-alphanumeric character with "_". Also it works on an
unevaluated version of the "name" attribute (in case if the "id"
attribute is not defined). I think this is a bug and I'm not sure why
the "escape" method has been changed in case of fixing double
evaluations (its main purpose was JavaScript-friendliness)

Because it was also reported in same report by our last security
report. It's required and is a common practice to avoid XSS.

If some plugin has a problem with it, then it also needs to be fixed
(i.e. replace any non-alpha with _) because it's only for Struts
internal usage and users shouldn't depend on Struts internal behavior.

Best Regards,
Yasser


[1]

https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

On Sat, 1 Apr 2023 at 12:43, Greg Huber <gregh3...@gmail.com> wrote:

Maybe a user question (sorry)

Using action like this : action="%{#mainAction}!saveDraft"/> struts
seems to get the "id" wrong?  ...but the "name" correct.

eg:

<s:set var="mainAction">entryEdit</s:set>

<s:submit cssClass="btn btn-warning"
          value="%{getText('weblogEdit.save')}"
          action="%{#mainAction}!saveDraft"/>

renders:

<input type="submit" value="Save as Draft"
id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
class="btn btn-warning">


Should be

<input type="submit" value="Save as Draft"
id="entry_entryAdd_saveDraft"
name="action:entryAdd!saveDraft" class="btn btn-warning">


#####

If I try it on my app it does the same thing

<form name="myConfig" id="myConfig" action="/app/myConfig.action"
method="post">

<s:set var="myConfigzzzzz" value="'myConfig'" />
<s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
accesskey="s" />

</form>

renders:

<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig___myConfigzzzzz__save" accesskey="s">


should be

<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig_myConfig_save" accesskey="s">





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
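
The id generation discussed in this thread, as an added Java example that is not part of any message and is not Struts' own code: it shows why escaping the unevaluated attribute yields `entry____mainAction__saveDraft`, and that evaluating first and escaping afterwards gives the readable id while still neutralising markup characters. `evaluate` is a hypothetical stand-in for OGNL evaluation, `buildId` assumes the id is the form id, "_", and the escaped name, and the hostile value is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubmitIdDemo {
    // Hypothetical stand-in for OGNL evaluation: resolves only %{#var} from a map.
    private static final Pattern VAR = Pattern.compile("%\\{#(\\w+)\\}");

    static String evaluate(String expr, Map<String, String> vars) {
        Matcher m = VAR.matcher(expr);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = vars.getOrDefault(m.group(1), "");
            // quoteReplacement keeps "$" and "\" in the value literal
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    // Escape as described in the thread: any non-alphanumeric character becomes "_".
    static String escape(String s) {
        return s.replaceAll("[^a-zA-Z0-9]", "_");
    }

    // Assumed id layout: form id, "_", escaped name.
    static String buildId(String formId, String name) {
        return formId + "_" + escape(name);
    }

    public static void main(String[] args) {
        String action = "%{#mainAction}!saveDraft";
        Map<String, String> vars = new LinkedHashMap<>();
        vars.put("mainAction", "entryEdit");

        // Escaping the unevaluated attribute: "%{#" and "}!" turn into underscores.
        System.out.println(buildId("entry", action));

        // Evaluating first, then escaping: only "!" is replaced.
        System.out.println(buildId("entry", evaluate(action, vars)));

        // Constructed hostile value: quotes, spaces and "=" are all replaced,
        // so the result cannot break out of the id="..." attribute.
        vars.put("mainAction", "x\" onmouseover=\"alert(1)");
        System.out.println(buildId("entry", evaluate(action, vars)));
    }
}
```

Because the escape runs last in both orders, the output never contains a character outside `[a-zA-Z0-9_]`; the order only decides whether the id reflects the expression text or its value.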

