Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: EE-1.8.2.GA_P04, 3.1
-
Fix Version/s: EE-3.0.0.GA_P01, 3.2, EE-1.8.2.GA_P05
-
Component/s: ICE-Components
-
Labels:None
-
Environment:All
Description
This looks to have been resolved for the standard JSF components through this JSF JIRA: http://java.net/jira/browse/JAVASERVERFACES-542
-
Hide
- Case11492Example.war
- 7.25 MB
- Arran Mccullough
-
- META-INF/MANIFEST.MF 0.1 kB
- META-INF/context.xml 0.1 kB
- WEB-INF/classes/com/.../example/Item.class 0.3 kB
- WEB-INF/classes/.../example/TestBean.class 0.8 kB
- WEB-INF/faces-config.xml 0.7 kB
- WEB-INF/lib/FastInfoset.jar 281 kB
- WEB-INF/lib/backport-util-concurrent.jar 316 kB
- WEB-INF/lib/commons-beanutils.jar 113 kB
- WEB-INF/lib/commons-collections.jar 162 kB
- WEB-INF/lib/commons-digester.jar 104 kB
- WEB-INF/lib/commons-fileupload.jar 56 kB
- WEB-INF/lib/commons-logging.jar 30 kB
- WEB-INF/lib/icefaces-comps.jar 1.75 MB
- WEB-INF/lib/icefaces-facelets.jar 592 kB
- WEB-INF/lib/icefaces.jar 1.22 MB
- WEB-INF/lib/jsf-api.jar 312 kB
- WEB-INF/lib/jsf-impl.jar 1.14 MB
- WEB-INF/lib/jstl.jar 20 kB
- WEB-INF/lib/jxl.jar 689 kB
- WEB-INF/.../krysalis-jCharts-1.0.0-alpha-1.jar 148 kB
- WEB-INF/lib/standard.jar 380 kB
- WEB-INF/web.xml 4 kB
- welcomeICEfaces.xhtml 1.0 kB
-
- Case11492Example.zip
- 19 kB
- Arran Mccullough
-
Hide
- Case11492Example2.war
- 9.31 MB
- Arran Mccullough
-
- META-INF/MANIFEST.MF 0.1 kB
- META-INF/context.xml 0.1 kB
- WEB-INF/classes/com/.../example/Item.class 0.3 kB
- WEB-INF/classes/.../example/TestBean.class 0.9 kB
- WEB-INF/lib/commons-beanutils.jar 226 kB
- WEB-INF/lib/commons-collections.jar 558 kB
- WEB-INF/lib/commons-digester.jar 140 kB
- WEB-INF/lib/commons-logging.jar 52 kB
- WEB-INF/lib/icefaces-ace.jar 2.88 MB
- WEB-INF/lib/icefaces-compat.jar 2.67 MB
- WEB-INF/lib/icefaces.jar 329 kB
- WEB-INF/lib/javax.faces.jar 2.47 MB
- WEB-INF/web.xml 2 kB
- welcomeICEfaces.xhtml 1 kB
-
- Case11492Example2.zip
- 19 kB
- Arran Mccullough
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
Attached test case that shows this is still and issue in ICEfaces 3.1.0
The problem is in the com.icesoft.faces.renderkit.dom_html_basic.CommandLinkRenderer. Part of it's job is to render out the onclick handler. The script for that handler is responsible for setting and then clearing the parameters and looks something like this:
<a class="iceCmdLnk"
href="javascript:;"
id="iceForm:j_idt9"
onblur="setFocus('');"
onclick= "var form=formOf(this);
//Set the values
form['iceForm:j_idcl'].value='iceForm:j_idt9';
form['name'].value='ICEfaces's Issue';
//Submit the form
iceSubmit(form,this,event);
//Clear the values
form['iceForm:j_idcl'].value='';
form['name'].value='';
return false;"
onfocus="setFocus(this.id);">
The problem is obvious as when an apostrophe is included, it's not properly escaped with a backslash (\') which leads to invalid JavaScript. I don't believe this requires the full escaping that is done via DOMUtils.escapeAnsi() as the contents are simply a valid JavaScript string. Instead, we just need to properly escape the single quote.
I added a function to escape single quotes in the renderer and run each parameter through it. I applied and tested this on both ICEfaces 1.8.x and 3.x and both test cases now work - properly submitting the form.
problem: this yields a NPE when passing an empty param value!
protected static String getJavascriptHiddenFieldSetters(
FacesContext facesContext,
UICommand uiCommand, Map parameters) {
StringBuffer buffer;
buffer = new StringBuffer("var form=formOf(this);form['");
buffer.append(deriveCommonHiddenFieldName(facesContext, uiCommand));
buffer.append("'].value='");
buffer.append(uiCommand.getClientId(facesContext));
buffer.append("';");
Iterator parameterKeys = parameters.keySet().iterator();
while (parameterKeys.hasNext())
return buffer.toString();
}
Case ICE-8749 has been opened for this issue and a fix checked into the current ICEfaces 3 trunk for future releases.
Attached test case that shows issue.
Steps: