commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wannheden, Knut" <knut.wannhe...@paranor.ch>
Subject RE: [jelly] body as unescaped xml
Date Wed, 19 Mar 2003 18:21:47 GMT
I have now investigated a little bit in this problem and here is what I've
found out.

The following script exposes the mentioned problem:

<j:jelly xmlns:j="jelly:core">

	<j:set var="foo">
		<foo/>
	</j:set>
	${foo}

</j:jelly>

I expected the output to be "<foo></foo>" but it is actually
"&lt;foo&gt;&lt;/foo&gt;".

It was suggested to set the "encode" attribute of the <j:set/> tag to false,
because the default is true.  This does however for two resons not fix the
problem:

 1. The "encode" attribute controls whether body text passed to the
XMLOutput should be encoded using XML entities.  The keyword being _text_.
The body of the <j:set/> tag does however not contain any text, only an XML
element which Jelly parses into a tag (StaticTag).  So there is nothing to
encode in the XMLOutput.

 2. Now since the "encode" attribute doesn't have any effect in this case,
the value of the variable "foo" is a String of value "<foo></foo>".  As the
variable is dereferenced with "${foo}" in the script it is naturally written
as text to the XMLOutput of the enclosing <j:jelly/> tag.  And now, since an
XMLOutput instance by default escapes body text, the variable value is
written as "&lt;foo&gt;&lt;/foo&gt;" to the XMLOutput.

Now the question is whether the current behaviour of Jelly in a case like
this is actually the desired behaviour.  If not, then the solution would be
to change the factory methods in XMLOutput to return an instance which
doesn't escape body text using XML entities, unless otherwise specified.

Of course, if this change was made, then the quesion of how to output XML in
escaped form comes up.  Should Jelly provide a tag for this purpose?  Or
should the "encode" attribute be available for all tags (like "trim")?  Or
should even the Expression syntax be extended to allow control over how the
expression is escaped (I've actually encountered this solution in some
template languages)?  IMHO the best solution would be to change the default
behaviour of XMLOutput so it doesn't escape body text.  What do you think?

Cheers,

--
knut

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message