ICEfaces
  1. ICEfaces
  2. ICE-7850

Textarea value requires input escaping

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0
    • Fix Version/s: 3.0.1, EE-3.0.0.GA
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      ICEfaces3

      Description

      Looking at ICE-7778 we can see that inputTextarea renders a textarea tag with the text being a child text node. This is different from inputText which uses a value attribute to store its text. When rendering accented characters, the ResponseWriter escapes the accented characters for the textarea, so that the text node actually contains ampersand hash number semicolon sequences. Then, the next lifecycle, when the exact same text is rendered, and the new dom is differenced to the old dom, the old dom then just contains the unescaped original accented characters, while the new dom has the escaped characters, so a difference is detected. But nothing different has been rendered. There's just something happening when loading the old dom that unescapes the strings. This doesn't break anything per se, but is less performant.

        Activity

        Hide
        Ted Goddard added a comment -

        applyBrowserChanges() is now escaping the textarea value upon input. The escaping of the textarea upon output cannot be altered as it appears to ICEfaces as a standard text node, which is always escaped to guard against cross-site scripting.

        Show
        Ted Goddard added a comment - applyBrowserChanges() is now escaping the textarea value upon input. The escaping of the textarea upon output cannot be altered as it appears to ICEfaces as a standard text node, which is always escaped to guard against cross-site scripting.
        Hide
        Ted Goddard added a comment -

        Changes to basic sample for reproducing the issue:

        Index: src/main/java/org/icefaces/demo/basic/Basic.java
        ===================================================================
        — src/main/java/org/icefaces/demo/basic/Basic.java (revision 28153)
        +++ src/main/java/org/icefaces/demo/basic/Basic.java (working copy)
        @@ -39,4 +39,13 @@
        return Long.toString(System.currentTimeMillis());
        }

        + private String testName = "HELLO £¢≠üå", testComments = "HELLO £¢≠üå";
        + public String getTestName()

        { System.out.println("getTestName: " + testName); return testName; }


        + public void setTestName(String tn)

        { + System.out.println("setTestName: " + testName);}


        + public String getTestComments()

        { System.out.println("getTestComments: " + testComments); return testComments; }


        + public void setTestComments(String tc)

        { + testComments = tc; + System.out.println(" setTestComments: " + testComments); }


        +
        }
        \ No newline at end of file
        Index: src/main/webapp/nonicefaces.xhtml
        ===================================================================
        — src/main/webapp/nonicefaces.xhtml (revision 28153)
        +++ src/main/webapp/nonicefaces.xhtml (working copy)
        @@ -58,6 +58,8 @@
        <h:outputLink id="lnk1" value="icefaces.jsf">ICEfaces Page</h:outputLink>
          
        <h:outputLink id="lnk2" value="nonicefaces.jsf">Stock JSF Page</h:outputLink>
        + <h:inputText value="#

        {basic.testName}" />
        + <h:inputTextarea value="#{basic.testComments}" />
        <h:messages/>
        </h:form>

        Index: src/main/webapp/icefaces.xhtml
        ===================================================================
        — src/main/webapp/icefaces.xhtml (revision 28153)
        +++ src/main/webapp/icefaces.xhtml (working copy)
        @@ -64,6 +64,8 @@
        <br/>
        <h:outputText id="time" value="#{basic.time}"/>
        <br/>
        + <h:inputText value="#{basic.testName}

        " />
        + <h:inputTextarea value="#

        {basic.testComments}

        " />
        <h:messages/>
        </h:form>

        Show
        Ted Goddard added a comment - Changes to basic sample for reproducing the issue: Index: src/main/java/org/icefaces/demo/basic/Basic.java =================================================================== — src/main/java/org/icefaces/demo/basic/Basic.java (revision 28153) +++ src/main/java/org/icefaces/demo/basic/Basic.java (working copy) @@ -39,4 +39,13 @@ return Long.toString(System.currentTimeMillis()); } + private String testName = "HELLO £¢≠üå", testComments = "HELLO £¢≠üå"; + public String getTestName() { System.out.println("getTestName: " + testName); return testName; } + public void setTestName(String tn) { + System.out.println("setTestName: " + testName);} + public String getTestComments() { System.out.println("getTestComments: " + testComments); return testComments; } + public void setTestComments(String tc) { + testComments = tc; + System.out.println(" setTestComments: " + testComments); } + } \ No newline at end of file Index: src/main/webapp/nonicefaces.xhtml =================================================================== — src/main/webapp/nonicefaces.xhtml (revision 28153) +++ src/main/webapp/nonicefaces.xhtml (working copy) @@ -58,6 +58,8 @@ <h:outputLink id="lnk1" value="icefaces.jsf">ICEfaces Page</h:outputLink>    <h:outputLink id="lnk2" value="nonicefaces.jsf">Stock JSF Page</h:outputLink> + <h:inputText value="# {basic.testName}" /> + <h:inputTextarea value="#{basic.testComments}" /> <h:messages/> </h:form> Index: src/main/webapp/icefaces.xhtml =================================================================== — src/main/webapp/icefaces.xhtml (revision 28153) +++ src/main/webapp/icefaces.xhtml (working copy) @@ -64,6 +64,8 @@ <br/> <h:outputText id="time" value="#{basic.time}"/> <br/> + <h:inputText value="#{basic.testName} " /> + <h:inputTextarea value="# {basic.testComments} " /> <h:messages/> </h:form>

          People

          • Assignee:
            Ted Goddard
            Reporter:
            Mark Collette
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: