[ICE-5742] Escape CDATA end marker for partial response - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0-Alpha2
Fix Version/s: 2.0-Alpha3, 2.0.0
Component/s: Framework
Labels:
None
Environment:
ICEfaces 2.0

Description

If a component writes out a CDATA section, the end marker "]]>" can prematurely end the CDATA section in use by a partial response.

For instance, this is the case with the ui:debug:

<script language="javascript" type="text/javascript">
//<![CDATA[
function faceletsDebug(URL) { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=800,height=600,left = 240,top = 212');"); };var faceletsOrigKeyup = document.onkeyup; document.onkeyup = function(e) { if (window.event) e = window.event; if (String.fromCharCode(e.keyCode) == 'P' & e.shiftKey & e.ctrlKey) faceletsDebug('/basic/icefaces.jsf?facelets.ui.DebugOutput=1274286830705'); else if (faceletsOrigKeyup) faceletsOrigKeyup(e); };
//]]>
</script>

-------------
<script language="javascript" type="text/javascript">
//<![CDATA[
function faceletsDebug(URL) { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=800,height=600,left = 240,top = 212');"); };var faceletsOrigKeyup = document.onkeyup; document.onkeyup = function(e) { if (window.event) e = window.event; if (String.fromCharCode(e.keyCode) == 'P' & e.shiftKey & e.ctrlKey) faceletsDebug('/basic/icefaces.jsf?facelets.ui.DebugOutput=1274286830705'); else if (faceletsOrigKeyup) faceletsOrigKeyup(e); };
//]]>]]><![CDATA[
</script>

The desired output for the script contents is also shown. Note that the unescaped " ]]>" should appear literally during the initial full page response.

It would be more efficient to have the component initially escape its output so that it was valid both inside and outside of a CDATA section (for instance, simply escape any <, > characters in the script rather than use CDATA) since this single escaped form could be used by all instances throughout the application (for all users and successive renderings of the page), but it is always possible for a component to write "]]>" so this must be guarded against. It may be useful to provide a mode where ]]> can be turned off for applications that are known not to output this sequence.

Activity

Ascending order - Click to sort in descending order

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#21451	Wed May 19 09:36:40 MDT 2010	ted.goddard	escape CDATA end marker in partial response update sections (~~ICE-5742~~)
				Files Changed
				MODIFY /icefaces/scratchpads/glimmer/core/src/main/java/org/icefaces/util/DOMUtils.java MODIFY /icefaces/scratchpads/glimmer/core/src/main/java/org/icefaces/context/DOMPartialViewContext.java

Ted Goddard created issue - 19/May/10 11:50 AM

Ted Goddard made changes - 19/May/10 12:37 PM

Field	Original Value	New Value
Assignee		Ted Goddard [ ted.goddard ]

Ted Goddard made changes - 20/May/10 5:27 PM

Salesforce Case		[]
Fix Version/s		2.0-Alpha3 [ 10032 ]

Hide

Permalink

Ted Goddard added a comment - 20/May/10 5:28 PM

Verified for ui:debug.

Show

Ted Goddard added a comment - 20/May/10 5:28 PM Verified for ui:debug.

Ted Goddard made changes - 20/May/10 5:28 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Ken Fyten made changes - 21/Dec/10 2:48 PM

Fix Version/s

2.0.0 [ 10230 ]

Ken Fyten made changes - 03/Jan/11 4:18 PM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Ted Goddard

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

19/May/10 11:50 AM

Updated:

03/Jan/11 4:18 PM

Resolved:

20/May/10 5:28 PM