Geert,

- TemplateFactoryEngineTypes associates EncoderHtml instance with TemplateFactory ENGINEHTML and ENGINEXHTML
- TemplateFactory ENGINEHTML is used with all html files, even if xhtml dtd is specified inside the file.


No, it's used when you do getHtmlTemplate from within your element. Using getXhtmlTemplate gives you an ENGINEXHTML type.

Sorry I was not clear enough. The point is neither about html or xhtml file suffix nor about ENGINEHTML or ENGINEXHTML instances: it's always EncoderHtml which is used.

What do you mean with the dtd?

Even in files with html suffix, it can be xhtml code, e.g. in src/templates/crud/common/blueprint_admin.html, you have:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


- AbstractTemplate.evaluateL10nTags uses EncoderHtml.encodeDefensive and not EncoderHtml.encodeDefensive to convert string,
  that is StringUtils.encodeHtmlDefensive
- this last method doesn't convert "<", "&", ">", "'" and """

So, for html files with xhtml dtd and for xhtml files, we can have trouble when any of the above characters is present in a key's value, e.g. double quote used in an attribute's value: then the end of the value is not displayed.


I'm not fully following, can you give an example?

For example:

1/ put some < character inside element body like: Take x<p and then..., the tag will be

   <p><p>Take x<p and then...</p>

  only 'Take x' will be displayed

2/ a button which must display text with quotation inside as: Liste des "canailles", the tag will be

  <input type="submit" value="Liste des "canailles"" />


    and only 'Liste des ' displayed.

3/ if single quote is used for an attribute and the text is: S'inscrire, then the tag will be

  <input type='submit' value='S'inscrire' />


   only 'S' displayed.

Note: XHTML 1.0 Standard states " 4.4 Attribute values must always be quoted - All attribute values must be quoted, even those which appear to be numeric."
But it doesn't specify single or double quotes.

4/ with value as "Rire & pleurer"

The XHTML 1.0 standard states: "C.12 Using Ampersands in Attribute Values
When an attribute value contains an ampersand, it must be expressed as a character entity reference (e.g. "&amp;"). For example, when the href attribute of the a element refers to a CGI script that takes parameters, it must be expressed as http://my.site.dom/cgi-bin/myscript.pl?class=guest&amp;name=user rather than as http://my.site.dom/cgi-bin/myscript.pl?class=guest&name=user."

Is there any reason against using EncoderHtml.encodeDefensive in all cases?


Yes, if you want to make sure that no html tags or entities can be provided at all through form fields.


OK

I never used such possibilities. I put only "pure" text in properties files: anybody can translate them without knowing anything about coding.

Is the choice only between:
- to be able to provide html tags and entities from properties files
- to be able to use "<", "&", ">", "'" and """ characters for attribute or element values.

Maybe it's possible to do both of them:
- for any element or template, to give the choice between with or without html tags/entities capabilities
- even in the case "without html tags/entities", to be able to use them with escaping, like
  summary-legend = XHTML Transitional 1.0\\<br /\\>Fragment
body-help = \\<div class=\\"form_help\\"\\>Vous pouvez saisir ici le texte complet de la "nouvelle". Seul \
                            du texte XHTML valide est acceptable.\\</div\\>

Regards

Pierre


_______________________________________________
Rife-users mailing list
[email protected]
http://www.uwyn.com/mailman/listinfo/rife-users
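
The four cases from the message above, as an added example that is not part of the original mail and is not RIFE code: it renders each value raw and with the five characters escaped, then checks the resulting tag for XML well-formedness, which XHTML requires. The class and helper names (`L10nEscapeDemo`, `escape`, `wellFormed`) are hypothetical, the templates are constructed from the mail's examples, and `&#39;` for the apostrophe is an assumption made because `&apos;` is not defined in HTML 4.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class L10nEscapeDemo {
    // Hypothetical helper: escapes the five characters listed in the mail.
    static String escape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break; // assumption, see lead-in
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical helper: true if the fragment parses as well-formed XML.
    static boolean wellFormed(String fragment) {
        try {
            DocumentBuilder b = DocumentBuilderFactory.newInstance().newDocumentBuilder();
            b.setErrorHandler(new DefaultHandler()); // fatal errors throw, nothing goes to stderr
            b.parse(new InputSource(new StringReader(fragment)));
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed cases: {template with one %s slot, l10n value from the mail}
        String[][] cases = {
            {"<p>%s</p>", "Take x<p and then..."},
            {"<input type=\"submit\" value=\"%s\" />", "Liste des \"canailles\""},
            {"<input type='submit' value='%s' />", "S'inscrire"},
            {"<input type=\"submit\" value=\"%s\" />", "Rire & pleurer"},
        };
        for (String[] c : cases) {
            String raw = String.format(c[0], c[1]);
            String safe = String.format(c[0], escape(c[1]));
            System.out.println("raw     wellFormed=" + wellFormed(raw) + "  " + raw);
            System.out.println("escaped wellFormed=" + wellFormed(safe) + "  " + safe);
        }
    }
}
```

Escaping every value this way also means markup placed deliberately in a properties file is shown as text, which is the trade-off discussed in the thread.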