ICEfaces
  1. ICEfaces
  2. ICE-5742

Escape CDATA end marker for partial response

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0-Alpha2
    • Fix Version/s: 2.0-Alpha3, 2.0.0
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      ICEfaces 2.0

      Description


      If a component writes out a CDATA section, the end marker "]]>" can prematurely end the CDATA section in use by a partial response.

      For instance, this is the case with the ui:debug:

      <script language="javascript" type="text/javascript">
      //<![CDATA[
      function faceletsDebug(URL) { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=800,height=600,left = 240,top = 212');"); };var faceletsOrigKeyup = document.onkeyup; document.onkeyup = function(e) { if (window.event) e = window.event; if (String.fromCharCode(e.keyCode) == 'P' & e.shiftKey & e.ctrlKey) faceletsDebug('/basic/icefaces.jsf?facelets.ui.DebugOutput=1274286830705'); else if (faceletsOrigKeyup) faceletsOrigKeyup(e); };
      //]]>
      </script>

      -------------
      <script language="javascript" type="text/javascript">
      //<![CDATA[
      function faceletsDebug(URL) { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=800,height=600,left = 240,top = 212');"); };var faceletsOrigKeyup = document.onkeyup; document.onkeyup = function(e) { if (window.event) e = window.event; if (String.fromCharCode(e.keyCode) == 'P' & e.shiftKey & e.ctrlKey) faceletsDebug('/basic/icefaces.jsf?facelets.ui.DebugOutput=1274286830705'); else if (faceletsOrigKeyup) faceletsOrigKeyup(e); };
      //]]>]]&gt;<![CDATA[
      </script>

      The desired output for the script contents is also shown. Note that the unescaped " ]]>" should appear literally during the initial full page response.

      It would be more efficient to have the component initially escape its output so that it was valid both inside and outside of a CDATA section (for instance, simply escape any <, > characters in the script rather than use CDATA) since this single escaped form could be used by all instances throughout the application (for all users and successive renderings of the page), but it is always possible for a component to write "]]>" so this must be guarded against. It may be useful to provide a mode where ]]> can be turned off for applications that are known not to output this sequence.

        Activity

        Repository Revision Date User Message
        ICEsoft Public SVN Repository #21451 Wed May 19 09:36:40 MDT 2010 ted.goddard escape CDATA end marker in partial response update sections (ICE-5742)
        Files Changed
        Commit graph MODIFY /icefaces/scratchpads/glimmer/core/src/main/java/org/icefaces/util/DOMUtils.java
        Commit graph MODIFY /icefaces/scratchpads/glimmer/core/src/main/java/org/icefaces/context/DOMPartialViewContext.java
        Ted Goddard created issue -
        Ted Goddard made changes -
        Field Original Value New Value
        Assignee Ted Goddard [ ted.goddard ]
        Ted Goddard made changes -
        Salesforce Case []
        Fix Version/s 2.0-Alpha3 [ 10032 ]
        Hide
        Ted Goddard added a comment -

        Verified for ui:debug.

        Show
        Ted Goddard added a comment - Verified for ui:debug.
        Ted Goddard made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Ken Fyten made changes -
        Fix Version/s 2.0.0 [ 10230 ]
        Ken Fyten made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Ted Goddard
            Reporter:
            Ted Goddard
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: