ICEfaces
  1. ICEfaces
  2. ICE-5582

Ensure ResponseWriter based compat components do escaping properly

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.7
    • Fix Version/s: 2.0-Alpha3, 2.0.0
    • Component/s: ICE-Components
    • Labels:
      None
    • Environment:
      ICEfaces

      Description

      In ICEfaces 1.8 and before, we focused on direct-to-DOM rendering, and implemented text escaping in DOMUtils.escapeAnsi(). But in stock JSF, text escaping is provided by the ResponseWriter, in its writeText(-), writeAttribute(-) and writeURIAttribute(-) methods. All stock JSF components use those methods, so that everything is escaped by default. For the rare exception, like when outputText has escape=false, then the unescaped write(-) method is used.

      When we discovered that our DOMResponseWriter was missing this behaviour, it was too late to change it, because users were already working around it by manually escaping the output. We didn't want to break applications by double escaping. But now, with ICEfaces 2, we're able to make fixes that break backwards compatibility, so in ICE-3182, we'll be changing our ResponseWriter to follow the standard escaping rules.

      So, our ResponseWriter based compat components should be altered to not use DOMUtils.escapeAnsi() any more, and just use the appropriate ResponseWriter APIs instead.

        Issue Links

          Activity

            People

            • Assignee:
              Greg Dick
              Reporter:
              Mark Collette
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: