Re: [Wicket-develop] Thoughts on default html escaping in Wicket core

Thu, 01 Dec 2005 19:01:15 -0800

hmm
i think i can remove the escaping in the getModelObjectAsString()
and then move it to the places where it really needs to check/do it
the biggest would be:

Component
    protected final void replaceComponentTagBody(final MarkupStream markupStream,
            final ComponentTag tag, final String body)

I think that is the easiest thing to do currently.

johan


On 12/1/05, Laurent PETIT <[EMAIL PROTECTED]> wrote:
On 12/1/05, Johan Compagner <[EMAIL PROTECTED]> wrote:
> still don't know if we can do that currently easy.

Yes, it may not be that easy.
But it will be increasingly difficult to correct as time passes, and
code base grows ...

I really think this problem should be solved asap if possible.

> I don't know for example what happens if we escape twice (Which will happen
> if we escape all the values now)

For sure, it will not work correctly if values are escaped twice.

> Because we do need to keep the getModelAsString() escaping we can't remove
> that there because not all strings
> that are get from there are used as attributes. It can also be used as body.

The getModelAsString() method name isn't representative at all of what
the method really does !
Nor is the javadoc, which states : "Gets a model object as a string."

Shouldn't there be something like a getModelAsHtmlString() that calls
getModelAsString() (which does no escaping) and applies the algorithm
devoted to checking the FLAG_ESCAPE_MODEL_STRINGS flag and apply the
escaping as needed by the component ?


it will indeed be difficult to make this refactoring, but it is important, IMHO.


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&opclick
_______________________________________________
Wicket-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-develop

Reply via email to