ICEfaces
  1. ICEfaces
  2. ICE-6393

Compat components incorrectly escaping certain unicode characters

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 2.0-Beta2
          • Fix Version/s: 2.0.0
          • Component/s: ICE-Components
          • Labels:
            None
          • Environment:
            ICEfaces

            Description


            The following xhtml source results in the ice:commandLink value displaying Nächster

                    <ice:outputText value="Nächster" /><br/>
                    <ice:commandLink value="Nächster" /><br/>
                    <ice:commandLink ><ice:outputText value="Nächster" /></ice:commandLink><br/>
                    <h:commandLink value="Nächster" /><br/>
            1. screenshot-01.png
              175 kB
            2. screenshot-02.png
              70 kB
            3. screenshot-03.png
              69 kB
            4. screenshot-04.png
              225 kB
            5. screenshot-05.png
              264 kB
            6. screenshot-06.png
              261 kB
            7. screenshot-07.png
              214 kB
            8. screenshot-08.png
              214 kB

              Issue Links

              blocks

              Bug - A problem which impairs or prevents the functions of the product. ICE-6287 iso-8859-1 chars become UTF-8 in IE

              • Major - Major loss of function.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                Ted Goddard added a comment -

                Likely instigated by the fix for ICE-5854. We must be careful not to introduce a cross site scripting vulnerability when adjusting this fix.

                Show
                Ted Goddard added a comment - Likely instigated by the fix for ICE-5854 . We must be careful not to introduce a cross site scripting vulnerability when adjusting this fix.
                Hide
                Permalink
                Ted Goddard added a comment -

                DOMUtils.createTextNode is performing escaping, so this does not need to be done by CommandLinkRenderer itself.

                Show
                Ted Goddard added a comment - DOMUtils.createTextNode is performing escaping, so this does not need to be done by CommandLinkRenderer itself.
                Hide
                Permalink
                Ken Fyten added a comment -

                It looks like more compat components need to be modified to remove their specific escaping calls, since this will result in double escaping:

                • SelectIntputTextRenderer.java
                • MenuItemRenderer.java
                • PanelTabSetRenderer.java
                • OutputProgress.java
                • OutputChart.java
                • OutputConnectionStatusRenderer.java
                Show
                Ken Fyten added a comment - It looks like more compat components need to be modified to remove their specific escaping calls, since this will result in double escaping: SelectIntputTextRenderer.java MenuItemRenderer.java PanelTabSetRenderer.java OutputProgress.java OutputChart.java OutputConnectionStatusRenderer.java
                Hide
                Permalink
                yip.ng added a comment - - edited

                No double escaping in OutputProgress. See screenshots 7 and 8.

                Show
                yip.ng added a comment - - edited No double escaping in OutputProgress. See screenshots 7 and 8.
                Hide
                Permalink
                Ted Goddard added a comment -

                If the text editor supports unicode, the test can be created as in the description with unicode text directly in the component values.

                Show
                Ted Goddard added a comment - If the text editor supports unicode, the test can be created as in the description with unicode text directly in the component values.
                Hide
                Permalink
                yip.ng added a comment -

                No double escaping in OutputChart. See screenshot 6.

                Show
                yip.ng added a comment - No double escaping in OutputChart. See screenshot 6.
                Hide
                Permalink
                yip.ng added a comment -

                MenuItemRenderer, OutputConnectionStatusRenderer and PanelTabSetRenderer done. See screenshots 3, 4, 5.

                Two occurrences of escapeAnsi() in SelectInputTextRenderer. One was removed. (It was nested within createTextNode().) The other still not sure. Not easy to test SelectInputText. Need to figure out how dictionary is generated and how to modify item labels first.

                Revision: 23652

                Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/menubar/MenuItemRenderer.java
                Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/outputconnectionstatus/OutputConnectionStatusRenderer.java
                Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/paneltabset/PanelTabSetRenderer.java
                Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/selectinputtext/SelectInputTextRenderer.java

                Show
                yip.ng added a comment - MenuItemRenderer, OutputConnectionStatusRenderer and PanelTabSetRenderer done. See screenshots 3, 4, 5. Two occurrences of escapeAnsi() in SelectInputTextRenderer. One was removed. (It was nested within createTextNode().) The other still not sure. Not easy to test SelectInputText. Need to figure out how dictionary is generated and how to modify item labels first. Revision: 23652 Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/menubar/MenuItemRenderer.java Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/outputconnectionstatus/OutputConnectionStatusRenderer.java Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/paneltabset/PanelTabSetRenderer.java Modified : /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/selectinputtext/SelectInputTextRenderer.java
                Hide
                Permalink
                yip.ng added a comment -

                No more changes required for SelectInputTextRenderer. See video at http://screencast.com/t/2Ogi9W4HSEWf.

                Show
                yip.ng added a comment - No more changes required for SelectInputTextRenderer. See video at http://screencast.com/t/2Ogi9W4HSEWf .

                  People

                  • Assignee:
                    yip.ng
                    Reporter:
                    Ted Goddard
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: