freemarker-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Těthal (JIRA) <j...@apache.org>
Subject [jira] [Comment Edited] (FREEMARKER-16) js_string buit-in function escapes '/' for first character
Date Wed, 16 Mar 2016 08:08:33 GMT

    [ https://issues.apache.org/jira/browse/FREEMARKER-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15193468#comment-15193468
] 

Martin Těthal edited comment on FREEMARKER-16 at 3/16/16 8:07 AM:
------------------------------------------------------------------

In our solution it is not neccessary to escape those combinations. It is very similar to {{?j_string}}
where double-quotas are expected before and after
String x = "${val?j_string}";
but when we need to use single-quotation for attributes (JSTL on some Java EE servers needs
only apostrophes for dynamic attributes) the string has to escape both {{'}} and {{"}}.
myattribute='<%= "This string ${has?j_string} to be escaped with both" %>'
As Java strings suports both {{\'}} and {{\"}} (https://docs.oracle.com/javase/tutorial/java/data/characters.html)
my suggestion is to extend {{?j_string}} to escape both.


was (Author: mtethal):
In our solution it is not neccessary to escape those combinations. It is very similar to ?j_string
where double-quotas are expected before and after
String x = "${val?j_string}";
but when we need to use single-quotation for attributes (JSTL on some Java EE servers needs
only apostrophes for dynamic attributes) the string has to escape both ' and ".
myattribute='<%= "This string ${has?j_string} to be escaped with both" %>'
As Java strings suports both \' and \" (https://docs.oracle.com/javase/tutorial/java/data/characters.html)
my suggestion is to extend ?j_string to escape both.

> js_string buit-in function escapes '/' for first character
> ----------------------------------------------------------
>
>                 Key: FREEMARKER-16
>                 URL: https://issues.apache.org/jira/browse/FREEMARKER-16
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.23
>            Reporter: Martin Těthal
>            Assignee: Daniel Dekany
>            Priority: Minor
>
> ${"bar/foo"?js_string} returns "bar/foo"
> but
> ${"/foo"?js_string} returns "\/foo" (the first slash character is escaped by backslash).
> I think the problem is from version 2.3.1 as documentation says:
> Starting from FreeMarker 2.3.1, it also escapes > as \> (to avoid </script>).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message