ICEfaces
  1. ICEfaces
  2. ICE-7850

Textarea value requires input escaping

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 3.0
          • Fix Version/s: 3.0.1, EE-3.0.0.GA
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            ICEfaces3

            Description

            Looking at ICE-7778 we can see that inputTextarea renders a textarea tag with the text being a child text node. This is different from inputText which uses a value attribute to store its text. When rendering accented characters, the ResponseWriter escapes the accented characters for the textarea, so that the text node actually contains ampersand hash number semicolon sequences. Then, the next lifecycle, when the exact same text is rendered, and the new dom is differenced to the old dom, the old dom then just contains the unescaped original accented characters, while the new dom has the escaped characters, so a difference is detected. But nothing different has been rendered. There's just something happening when loading the old dom that unescapes the strings. This doesn't break anything per se, but is less performant.

              Activity

              Ascending order - Click to sort in descending order
              Mark Collette created issue -
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #28155 Mon Mar 05 10:19:35 MST 2012 ted.goddard escape textarea value on input (ICE-7850)
              Files Changed
              Commit graph MODIFY /icefaces3/trunk/icefaces/core/src/main/java/org/icefaces/impl/context/DOMPartialViewContext.java
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #28156 Mon Mar 05 10:35:48 MST 2012 ted.goddard escape textarea value on input (ICE-7850)
              Files Changed
              Commit graph MODIFY /icefaces3/branches/icefaces-3.0.x-maintenance/icefaces/core/src/main/java/org/icefaces/impl/context/DOMPartialViewContext.java
              Ted Goddard made changes -
              Field Original Value New Value
              Assignee Ted Goddard [ ted.goddard ]
              Hide
              Permalink
              Ted Goddard added a comment -

              applyBrowserChanges() is now escaping the textarea value upon input. The escaping of the textarea upon output cannot be altered as it appears to ICEfaces as a standard text node, which is always escaped to guard against cross-site scripting.

              Show
              Ted Goddard added a comment - applyBrowserChanges() is now escaping the textarea value upon input. The escaping of the textarea upon output cannot be altered as it appears to ICEfaces as a standard text node, which is always escaped to guard against cross-site scripting.
              Ted Goddard made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Fix Version/s EE-3.0.0.GA [ 10262 ]
              Resolution Fixed [ 1 ]
              Ted Goddard made changes -
              Summary Text node unescaping on old dom restore Textarea value requires input escaping
              Salesforce Case []
              Hide
              Permalink
              Ted Goddard added a comment -

              Changes to basic sample for reproducing the issue:

              Index: src/main/java/org/icefaces/demo/basic/Basic.java
              ===================================================================
              — src/main/java/org/icefaces/demo/basic/Basic.java (revision 28153)
              +++ src/main/java/org/icefaces/demo/basic/Basic.java (working copy)
              @@ -39,4 +39,13 @@
              return Long.toString(System.currentTimeMillis());
              }

              + private String testName = "HELLO £¢≠üå", testComments = "HELLO £¢≠üå";
              + public String getTestName()

              { System.out.println("getTestName: " + testName); return testName; }


              + public void setTestName(String tn)

              { + System.out.println("setTestName: " + testName);}


              + public String getTestComments()

              { System.out.println("getTestComments: " + testComments); return testComments; }


              + public void setTestComments(String tc)

              { + testComments = tc; + System.out.println(" setTestComments: " + testComments); }


              +
              }
              \ No newline at end of file
              Index: src/main/webapp/nonicefaces.xhtml
              ===================================================================
              — src/main/webapp/nonicefaces.xhtml (revision 28153)
              +++ src/main/webapp/nonicefaces.xhtml (working copy)
              @@ -58,6 +58,8 @@
              <h:outputLink id="lnk1" value="icefaces.jsf">ICEfaces Page</h:outputLink>
                
              <h:outputLink id="lnk2" value="nonicefaces.jsf">Stock JSF Page</h:outputLink>
              + <h:inputText value="#

              {basic.testName}" />
              + <h:inputTextarea value="#{basic.testComments}" />
              <h:messages/>
              </h:form>

              Index: src/main/webapp/icefaces.xhtml
              ===================================================================
              — src/main/webapp/icefaces.xhtml (revision 28153)
              +++ src/main/webapp/icefaces.xhtml (working copy)
              @@ -64,6 +64,8 @@
              <br/>
              <h:outputText id="time" value="#{basic.time}"/>
              <br/>
              + <h:inputText value="#{basic.testName}

              " />
              + <h:inputTextarea value="#

              {basic.testComments}

              " />
              <h:messages/>
              </h:form>

              Show
              Ted Goddard added a comment - Changes to basic sample for reproducing the issue: Index: src/main/java/org/icefaces/demo/basic/Basic.java =================================================================== — src/main/java/org/icefaces/demo/basic/Basic.java (revision 28153) +++ src/main/java/org/icefaces/demo/basic/Basic.java (working copy) @@ -39,4 +39,13 @@ return Long.toString(System.currentTimeMillis()); } + private String testName = "HELLO £¢≠üå", testComments = "HELLO £¢≠üå"; + public String getTestName() { System.out.println("getTestName: " + testName); return testName; } + public void setTestName(String tn) { + System.out.println("setTestName: " + testName);} + public String getTestComments() { System.out.println("getTestComments: " + testComments); return testComments; } + public void setTestComments(String tc) { + testComments = tc; + System.out.println(" setTestComments: " + testComments); } + } \ No newline at end of file Index: src/main/webapp/nonicefaces.xhtml =================================================================== — src/main/webapp/nonicefaces.xhtml (revision 28153) +++ src/main/webapp/nonicefaces.xhtml (working copy) @@ -58,6 +58,8 @@ <h:outputLink id="lnk1" value="icefaces.jsf">ICEfaces Page</h:outputLink>    <h:outputLink id="lnk2" value="nonicefaces.jsf">Stock JSF Page</h:outputLink> + <h:inputText value="# {basic.testName}" /> + <h:inputTextarea value="#{basic.testComments}" /> <h:messages/> </h:form> Index: src/main/webapp/icefaces.xhtml =================================================================== — src/main/webapp/icefaces.xhtml (revision 28153) +++ src/main/webapp/icefaces.xhtml (working copy) @@ -64,6 +64,8 @@ <br/> <h:outputText id="time" value="#{basic.time}"/> <br/> + <h:inputText value="#{basic.testName} " /> + <h:inputTextarea value="# {basic.testComments} " /> <h:messages/> </h:form>
              Ken Fyten made changes -
              Salesforce Case []
              Fix Version/s 3.0.1 [ 10282 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]

                People

                • Assignee:
                  Ted Goddard
                  Reporter:
                  Mark Collette
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: