ICEfaces
  1. ICEfaces
  2. ICE-5551

ICEfaces 2.0 DOM output attribute escaping

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 2.0-Alpha2
          • Fix Version/s: 2.0-Alpha3, 2.0.0
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces

            Description

            DOMUtils.printNode is used for DOM output and makes use of escapeAnsi for XML/HTML attribute values. This produces valid output, but is overly zealous and escapes characters that do not need to be escaped for double quoted "" attribute values. In particular, the single quote character is legal, but was being escaped as '.

              Issue Links

              depends on

              Bug - A problem which impairs or prevents the functions of the product. ICE-3182 DOMResponseWriter.writeText() escaping

              • Major - Major loss of function.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                Ted Goddard added a comment -

                The escapeAttribute() implementation assumes that the attribute value is surrounded by double quotes ("). This implementation escapes only the require values as defined by the XML specification. This must be tested with unicode characters in existing browsers. (For instance, the ascii DEL character is valid XML, but may not be accepted by some browsers. Additionally, unicode values are now being written directly in an assumed UTF-8 encoding, so this may cause incompatibility.

                Show
                Ted Goddard added a comment - The escapeAttribute() implementation assumes that the attribute value is surrounded by double quotes ("). This implementation escapes only the require values as defined by the XML specification. This must be tested with unicode characters in existing browsers. (For instance, the ascii DEL character is valid XML, but may not be accepted by some browsers. Additionally, unicode values are now being written directly in an assumed UTF-8 encoding, so this may cause incompatibility.
                Hide
                Permalink
                Ted Goddard added a comment -

                Judy, please test against the mojarra tests and then assign to Ken to confirm whether we have unicode and internationalization tests that are suitable.

                Show
                Ted Goddard added a comment - Judy, please test against the mojarra tests and then assign to Ken to confirm whether we have unicode and internationalization tests that are suitable.
                Hide
                Permalink
                Ken Fyten added a comment -

                ICE-3182 to resolve this, needs to be verified once it is fixed.

                Show
                Ken Fyten added a comment - ICE-3182 to resolve this, needs to be verified once it is fixed.
                Hide
                Permalink
                Greg Dick added a comment -

                The single quote is being handled correctly. There's an HTMLUnit test section in the ICE-3182 test case.

                Show
                Greg Dick added a comment - The single quote is being handled correctly. There's an HTMLUnit test section in the ICE-3182 test case.

                  People

                  • Assignee:
                    Greg Dick
                    Reporter:
                    Ted Goddard
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: