Ok. Got it working this way. First escapeJavaScript() like I did and then
execute on escaped wrapString().
Thanks.
masionas wrote:
>
> HI David,
>
> Actually I think I found where it is started to be encoded. To pass the
> strings back to javascript as ajax response I escape them by this method
>
> <#assign sliderDivEscaped=
> Static["org.apache.commons.lang.StringEscapeUtils"].escapeJavaScript(.vars["sliderDiv"])>
>
> And it looks like escapeJavaScript() method started to escape html chars
> as well now. Which was not the case before I merged with a new version
> (09.04)
>
>
> David E Jones-3 wrote:
>>
>>
>> There was an answer to this in another thread earlier today...
>> something about:
>>
>> ${StringUtil.wrapString(productPromo.promoText?if_exists)}
>>
>> -David
>>
>>
>> On Apr 23, 2009, at 1:26 AM, masionas wrote:
>>
>>>
>>> Hi David,
>>>
>>> Here is what I have:
>>>
>>> Ajax request which maps to a a screen definition of couple groovy
>>> files and
>>> ftl. Groovy file calls CategoryContentWorker methods to get content of
>>> category, then this content is put into ftl which is returned as a
>>> piece of
>>> html ready to be assinged to a DIV element on the page.
>>> Without security enhancement FTL returned raw(not auto-encoded) html
>>> as it
>>> was expected. But with the latest release it auto encodes the tags
>>> and other
>>> html chars. For example, <, >, \r,\n etc. And hence when I
>>> assign it
>>> to a DIV it is not a "real" html anymore, but encoded stuff.
>>>
>>>
>>>
>>> David E Jones-3 wrote:
>>>>
>>>>
>>>> Could you be more specific? Which file, or at least type of file, are
>>>> you looking at?
>>>>
>>>> What is the behavior you want, and what is actually happening?
>>>>
>>>> -David
>>>>
>>>>
>>>> On Apr 22, 2009, at 9:59 AM, masionas wrote:
>>>>
>>>>>
>>>>> HI Guys,
>>>>>
>>>>> How can I disable html encoding on output which was brought with new
>>>>> security implementation? Is there a way to do it in request map or
>>>>> screen
>>>>> definition? Thank you.
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Disable-HTML-Encoding-Output-tp23175536p23175536.html
>>>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Disable-HTML-Encoding-Output-tp23175536p23191668.html
>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>
>>
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Disable-HTML-Encoding-Output-tp23175536p23197375.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
