On 7/4/02 8:56 PM, "Taavi Tiirik" ([EMAIL PROTECTED]) penned the words:
>>> Are there any occasions where it is *not* necessary to escape the >>> output? I.e. should we always do it? >> >> There's no reason to escape it in normal HTML. It might have < or > in it >> that you WANT to be interpretted as tags (or even "). The only place you >> want it to be escaped is inside an attribute, inside a <textarea> or >> sometimes inside HTML (ie displaying a value). >> >> At the moment I handle this by wrapping a <view:escape> tag around the >> property tag - I have a modified set of JSP templates which do this (and >> other things - like multiple selects, header rows, descriptions). Again, >> waiting on 1.0 to get done before I commit any of these. > > Mike, > > Now that 1.0 is released do you have time to share your <view:escape> tag > functionality as well as new jsp templates you have made to the cvs. I did all this while developing JIRA (http://www.atlassian.com/beta/jira) which is I think the first commercial product built on top of WebWork? (Anyone know of any others?) 1.0 is due to be released on Wednesday. Hence one of our users found this 'bug' ;) Our escape tag is actually part of JIRAs tag library (WW was in a code freeze so we couldn't make changes there) so I can't really share it - but it's fairly simple. What it does is wrap OSCore's TextUtils.htmlEncode() method with a tag. See: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/opensymphony/oscore/src/com/o pensymphony/util/TextUtils.java?rev=1.30&content-type=text/vnd.viewcvs-marku p (There are tonnes and tonnes of useful text methods in here that you might want to work into webwork taglibs somehow) As for the JSP templates - they are also highly customised which is a problem. They do provide lots of extra cool functionality (multiple select boxes, header rows, field descriptions and html encoding) but have other stuff built in. If anyone wants to, they're most welcome to download JIRA and 'extract' the cool code from our templates and put it into the WW default templates? (they're just JSP filea inside the WAR) (The problem with the whole template arch. is that eventually everyone will end up with a custom set of templates and there's no way to easily merge or update - this is not an easy problem to solve though ;)) > It seems that <webwork:property> tag should be thought to do the > escaping... ie. it would not make sense to wrap just about every usage of > property tag with jet another tag. What do you think? I agree - this seems like the most sensible solution. I can't think of too many situations where you WOULDN'T want to encode the text as HTML - so perhaps this should be the default option, and you can turn if off if you want? Hope this helps! Cheers, Mike _______________________________________________ Webwork-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webwork-user
