Uploaded image for project: '[Read Only] - Hippo Site Toolkit 2'
  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-3084

HST URL Tags - option to not escape

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 2.30.00, CMS-10.0-FCS
    • None
    • None

    Description

      If you add multiple parameters in a HST URL tag like the following example, then it escapes '&' to '& a m p ;', by default.

      <pre><xmp>
      RENDER URL: <hst:renderURL><hst:param name="a" value="one"/><hst:param name="b" value="two"/></hst:renderURL>
      RESOURCE URL: <hst:resourceURL><hst:param name="a" value="one"/><hst:param name="b" value="two"/></hst:resourceURL>
      COMPONENT RENDERING URL: <hst:componentRenderingURL><hst:param name="a" value="one"/><hst:param name="b" value="two"/></hst:componentRenderingURL>
      ACTION URL: <hst:actionURL><hst:param name="a" value="one"/><hst:param name="b" value="two"/></hst:actionURL>
      LINK URL: <hst:link path="/news"><hst:param name="a" value="one"/><hst:param name="b" value="two"/></hst:link>
      </xmp></pre>

      ==> (The above can generate something like this):

      <hr/>
      <pre><xmp>
      RENDER URL: /site/news;jsessionid=E7161C783A9A444E685A8F20C385CB58?r54_r1_r1:page=2& a m p ;r54_r3:b=two& a m p ;r54_r3:a=one
      RESOURCE URL: /site/_hn:resource%7Cr54_r3%7C/news;jsessionid=E7161C783A9A444E685A8F20C385CB58?r54_r1_r1:page=2& a m p ;r54_r3:b=two& a m p;r54_r3:a=one
      COMPONENT RENDERING URL: /site/_hn:component-rendering%7Cr54_r3/news;jsessionid=E7161C783A9A444E685A8F20C385CB58?r54_r1_r1:page=2& a m p ;r54_r3:b=two&a m p ;r54_r3:a=one
      ACTION URL: /site/_hn:action%7Cr54_r3%7C/news;jsessionid=E7161C783A9A444E685A8F20C385CB58?r54_r1_r1:page=2& a m p ;r54_r3:b=two& a m p ;r54_r3:a=one
      LINK URL: /site/news?b=two&a=one</xmp></pre>

      This default behavior (escaping the URL) is OK if the generated string is used in an html tag attribute (e.g, in href, src or action attribute).

      However, if it is used in a Javascript block like the following example [1], then the escaped string can lead to an invalid URL request:

      function <hst:namespace/>refreshDateTime()

      { simpleio_sendrequest("<hst:resourceURL/>", <hst:namespace/>mycb, null); }

      Therefore, we need to consistently expose 'escapeXml' attribute in the tag libraries.

      [1] http://svn.onehippo.org/repos/hippo/hippo-cms7/testsuite/trunk/resources/src/main/webapp/WEB-INF/jsp/components/footer/footer.jsp

      Attachments

        Issue Links

          is awaited by

          Improvement - An improvement or enhancement to an existing feature or task. HSTTWO-1831 actionURL is hard for infra to support in combination with https filter and proxies

          • High - High priority, expected behaviour required often required for other tasks
          • Closed

          Activity

            People

              Unassigned Unassigned
              wko Woonsan Ko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: