ICEfaces
  1. ICEfaces
  2. ICE-5582

Ensure ResponseWriter based compat components do escaping properly

          Details

          • Type: Improvement Improvement
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7
          • Fix Version/s: 2.0-Alpha3, 2.0.0
          • Component/s: ICE-Components
          • Labels:
            None
          • Environment:
            ICEfaces

            Description

            In ICEfaces 1.8 and before, we focused on direct-to-DOM rendering, and implemented text escaping in DOMUtils.escapeAnsi(). But in stock JSF, text escaping is provided by the ResponseWriter, in its writeText(-), writeAttribute(-) and writeURIAttribute(-) methods. All stock JSF components use those methods, so that everything is escaped by default. For the rare exception, like when outputText has escape=false, then the unescaped write(-) method is used.

            When we discovered that our DOMResponseWriter was missing this behaviour, it was too late to change it, because users were already working around it by manually escaping the output. We didn't want to break applications by double escaping. But now, with ICEfaces 2, we're able to make fixes that break backwards compatibility, so in ICE-3182, we'll be changing our ResponseWriter to follow the standard escaping rules.

            So, our ResponseWriter based compat components should be altered to not use DOMUtils.escapeAnsi() any more, and just use the appropriate ResponseWriter APIs instead.

              Issue Links

              depends on

              Bug - A problem which impairs or prevents the functions of the product. ICE-3182 DOMResponseWriter.writeText() escaping

              • Major - Major loss of function.
              • Closed

                Activity

                Hide
                Permalink
                Greg Dick added a comment -

                I fixed the outputTextRenderer to support the escape attribute and changed the textAreaRenderer to always use the writeText method. The rest of the compat components don't use the ResponseWriter API, but rather manipulate the DOM directly.

                Show
                Greg Dick added a comment - I fixed the outputTextRenderer to support the escape attribute and changed the textAreaRenderer to always use the writeText method. The rest of the compat components don't use the ResponseWriter API, but rather manipulate the DOM directly.

                  People

                  • Assignee:
                    Greg Dick
                    Reporter:
                    Mark Collette
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: