Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On Fri, Mar 5, 2010 at 04:58, Sergiu Dumitriu ser...@xwiki.com wrote: On 03/02/2010 08:20 PM, Thomas Mortagne wrote: On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriuser...@xwiki.com wrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. Where does it say that it should produce xhtml content? public String getDisplayTitle(XWikiContext context) { return getRenderedTitle(Syntax.XHTML_1_0, context); } Assuming that it should produce xhtml, the behavior is inconsistent. If the title is placed in the document.title field, then it returns characters; if it is placed in the first heading, it returns escapes. If we use wiki syntax in the document.title, we get back wiki syntax; if we use wiki syntax in the first heading, we get back HTML. That is totally inconsistent and confusing. This is an API design problem that should be discussed further on the dev list. Going back to this specific problem, I think that it should be solved by using the plaintext output syntax, since inside a panel we're not interested in formatting or other markup inside the title, just the textual content. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). I need to use getXMLEncoded because the title doesn't always come from the content. When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On 03/05/2010 10:06 AM, Thomas Mortagne wrote: On Fri, Mar 5, 2010 at 04:58, Sergiu Dumitriuser...@xwiki.com wrote: On 03/02/2010 08:20 PM, Thomas Mortagne wrote: On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriuser...@xwiki.comwrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. Where does it say that it should produce xhtml content? public String getDisplayTitle(XWikiContext context) { return getRenderedTitle(Syntax.XHTML_1_0, context); } I know that this is what it does, but why? The semantics of this method changed over time. The method used (with 1.0 syntax) to return whatever was in the title, interpreted but not rendered. So, if it did contain html markup in it, then that was it. But the wiki markup wasn't rendered into HTML. And it still behaves this way for the value placed in the title field. So, I don't agree with the behavior change and the inconsistency it creates. Assuming that it should produce xhtml, the behavior is inconsistent. If the title is placed in the document.title field, then it returns characters; if it is placed in the first heading, it returns escapes. If we use wiki syntax in the document.title, we get back wiki syntax; if we use wiki syntax in the first heading, we get back HTML. That is totally inconsistent and confusing. This is an API design problem that should be discussed further on the dev list. Going back to this specific problem, I think that it should be solved by using the plaintext output syntax, since inside a panel we're not interested in formatting or other markup inside the title, just the textual content. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). I need to use getXMLEncoded because the title doesn't always come from the content. When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On Fri, Mar 5, 2010 at 10:40, Sergiu Dumitriu ser...@xwiki.com wrote: On 03/05/2010 10:06 AM, Thomas Mortagne wrote: On Fri, Mar 5, 2010 at 04:58, Sergiu Dumitriuser...@xwiki.com wrote: On 03/02/2010 08:20 PM, Thomas Mortagne wrote: On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriuser...@xwiki.com wrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. Where does it say that it should produce xhtml content? public String getDisplayTitle(XWikiContext context) { return getRenderedTitle(Syntax.XHTML_1_0, context); } I know that this is what it does, but why? The semantics of this method changed over time. The method used (with 1.0 syntax) to return whatever was in the title, interpreted but not rendered. So, if it did contain html markup in it, then that was it. But the wiki markup wasn't rendered into HTML. And it still behaves this way for the value placed in the title field. You forget part of what i said: (in xwiki/2.0 syntax). There is not such thing as interpreted but not rendered with xwiki/2.0 syntax. So, I don't agree with the behavior change and the inconsistency it creates. Assuming that it should produce xhtml, the behavior is inconsistent. If the title is placed in the document.title field, then it returns characters; if it is placed in the first heading, it returns escapes. If we use wiki syntax in the document.title, we get back wiki syntax; if we use wiki syntax in the first heading, we get back HTML. That is totally inconsistent and confusing. This is an API design problem that should be discussed further on the dev list. Going back to this specific problem, I think that it should be solved by using the plaintext output syntax, since inside a panel we're not interested in formatting or other markup inside the title, just the textual content. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). I need to use getXMLEncoded because the title doesn't always come from the content. When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On Friday 05 March 2010 04:58:57 Sergiu Dumitriu wrote: I need to use getXMLEncoded because the title doesn't always come from the content. I saw the suggestion to modify the getXMLEncoded route on the JIRA ticket, so I decided to do some testing with that. I only know two ways to set the title for a document (are there more?) either from the content or the title, and here's the results from those. (I have edited the out some hrefs=) Case 1: Having a document where title field is blank, but having a section as Document 1: = A damn hr / ruler = Document 2: = Att-göra-lista = Results: $rdoc.displayTitle 1 aA damn lt;hr /gt; ruler/a 2 aAtt g#246;ra-lista/a $xwiki.getXMLEncoded($rdoc.getRenderedTitle('plain/1.0') 1 aA damn #60;hr /#62; ruler/a 2 aAtt göra-lista/a Visually: all the results appears okay and the same in Firefox. (I wonder if IE versions can handle the XML output?) The xml route outputs UTF-8 characters, whereas displayTitle escapes them correctly even if the browser selects wrong character encoding. However, the rest of the wiki use utf-8 consistently so that later case is not likely an issue. Case 2: Putting the same in proper title field. Results: $rdoc.displayTitle 1 a= A damn /ahr/a ruler =/a 2 a= Att göra-lista =/a $xwiki.getXMLEncoded($rdoc.getRenderedTitle('plain/1.0') 1 a= A damn/apa/a/phr/a/aparuler =/a/p 2 a= Att göra-lista =/a Visually: As you see, the characters are not escaped at all when using the title, no matter what method is being used. Guessing would make me say the title field is buggy. The xml route even puts in a few extra p tags for some reason. I think the proper title field needs to be fixed in some way to escape special characters before this can be fixed. It might also be good to have an example where getXMLEncoded() does any good for panel links at the moment, for testing purposes? -Regards, Joel ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On 03/05/2010 02:10 PM, Joel Forsberg wrote: On Friday 05 March 2010 04:58:57 Sergiu Dumitriu wrote: I need to use getXMLEncoded because the title doesn't always come from the content. I saw the suggestion to modify the getXMLEncoded route on the JIRA ticket, so I decided to do some testing with that. I only know two ways to set the title for a document (are there more?) either from the content or the title, and No, these are the only ones. Actually, as a fallback, if there is not title in any of these places, then the document name is used. here's the results from those. (I have edited the out some hrefs=) Case 1: Having a document where title field is blank, but having a section as Document 1: = A damnhr / ruler = Document 2: = Att-göra-lista = Results: $rdoc.displayTitle 1aA damnlt;hr /gt; ruler/a 2aAtt g#246;ra-lista/a $xwiki.getXMLEncoded($rdoc.getRenderedTitle('plain/1.0') 1aA damn#60;hr /#62; ruler/a 2aAtt göra-lista/a Visually: all the results appears okay and the same in Firefox. (I wonder if IE versions can handle the XML output?) The xml route outputs UTF-8 characters, whereas displayTitle escapes them correctly even if the browser selects wrong character encoding. However, the rest of the wiki use utf-8 consistently so that later case is not likely an issue. Case 2: Putting the same in proper title field. Results: $rdoc.displayTitle 1a= A damn/ahr/a ruler =/a 2a= Att göra-lista =/a $xwiki.getXMLEncoded($rdoc.getRenderedTitle('plain/1.0') 1a= A damn/apa/a/phr/a/aparuler =/a/p This is caused not by the display code, but by the fact that the result is used inside a panel written with the 1.0 syntax, which doesn't know that the result is already processed. You can check that by actually using this in the panel: {pre}span class=panelitema href=$rdoc.getURL('view')$xwiki.getXMLEncoded($rdoc.getRenderedTitle('plain/1.0'))/a/span{/pre} {pre}{/pre} prevents re-rendering the content. The result with this is: A damn ruler Which again is a bit wrong, but this is a bug in the core, it always assumes that the content that it got from the title field is velocity+HTML, even if the page is in xwiki/2.0 syntax. 2a= Att göra-lista =/a Visually: As you see, the characters are not escaped at all when using the title, no matter what method is being used. Guessing would make me say the title field is buggy. The xml route even puts in a few extrap tags for some reason. I think the proper title field needs to be fixed in some way to escape special characters before this can be fixed. It might also be good to have an example where getXMLEncoded() does any good for panel links at the moment, for testing purposes? Try to put one of these in the title field: When to use /div = badly broken display CrossSiteScripting example: scriptalert('I pwnd U')/script = bad, bad, bad -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On 03/02/2010 08:20 PM, Thomas Mortagne wrote: On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriuser...@xwiki.com wrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook uglyhere = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. Where does it say that it should produce xhtml content? Assuming that it should produce xhtml, the behavior is inconsistent. If the title is placed in the document.title field, then it returns characters; if it is placed in the first heading, it returns escapes. If we use wiki syntax in the document.title, we get back wiki syntax; if we use wiki syntax in the first heading, we get back HTML. That is totally inconsistent and confusing. This is an API design problem that should be discussed further on the dev list. Going back to this specific problem, I think that it should be solved by using the plaintext output syntax, since inside a panel we're not interested in formatting or other markup inside the title, just the textual content. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). I need to use getXMLEncoded because the title doesn't always come from the content. When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
Thanks Thomas I made a JIRA entry against the Panels Application, and a trivial patch to fix it. It's my first, so It'll be exciting to see what happens. :) http://jira.xwiki.org/jira/secure/ManageAttachments.jspa?id=29978 -Joel Forsberg On Tuesday 02 March 2010 20:20:01 Thomas Mortagne wrote: On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriu ser...@xwiki.com wrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] What is $xwiki.getXMLEncoded()'s purpose in url names?
On Tue, Mar 2, 2010 at 18:25, Sergiu Dumitriu ser...@xwiki.com wrote: On 03/02/2010 05:01 PM, Joel Forsberg wrote: Greetings On my wiki using swedish characters for xwiki page titles give ugly but working entries in all panels, e.g. Backlinks Recent modifications and My recent modifications An example is having: Startsidor f#246;r v#229;ra intresseomr#229;den ...instead of the correct: Startsidor för våra intresseområden Another example is putting thiss wiki code on top of a page: = header thatlook ugly here = The script responsible for for the texts in the panels is as follow: span class=panelitem a href=$rdoc.getURL('view') $xwiki.getXMLEncoded($rdoc.displayTitle) /a/span I've noticed that changing the third line into only $rdoc.displayTitle will produce a nice looking entry, and $rdoc is set via #set($rdoc = $xwiki.getDocument($docname).getTranslatedDocument()) Now, can anyone see a purpose of using getXMLEncoded() for this? As far as I have seen, it only breaks things. This is not caused by getXMLEncoded, it merely makes the problem visible. This method must be used in order to prevent other problems: Invalid XML, broken layout, XSS... The problem is that the code inside getDisplayTitle wrongly uses a XML escaping option. No, this is valid because the job of $rdoc.displayTitle is to produce xhtml content and theses are valid XML escapes. So you don't need to use getXMLEncoded because any xml content is already properly escaped (in xwiki/2.0 syntax). When you want a plain text version of the title you should use $rdoc.getRenderedTitle(plain/1.0). -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users