freemarker-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Těthal (JIRA) <>
Subject [jira] [Commented] (FREEMARKER-16) js_string buit-in function escapes '/' for first character
Date Mon, 14 Mar 2016 13:42:33 GMT


Martin Těthal commented on FREEMARKER-16:

We have been used this built-in (?js_string) for escaping both " and ' for JSTL tag attributes.
Specifically where single-quotas are required (simplified <f:MyTag value='${val?js_string}'
/>). Escapation of "/" character is not expected here. I understand that ?js_string is
used for JavaScript escaping so the documentation of jsStringEnc method in your reply is much
more complex to do this job. We expected the behaviour of
documentation. We'll rewrite it to ${val?j_string?replace("'", "\'")}, but if you'll plan
to add some other built-in to do this simple job (ie. escape single & double quotas and
characters under 0x20) it will be welcomed.

> js_string buit-in function escapes '/' for first character
> ----------------------------------------------------------
>                 Key: FREEMARKER-16
>                 URL:
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.23
>            Reporter: Martin Těthal
>            Priority: Minor
> ${"bar/foo"?js_string} returns "bar/foo"
> but
> ${"/foo"?js_string} returns "\/foo" (the first slash character is escaped by backslash).
> I think the problem is from version 2.3.1 as documentation says:
> Starting from FreeMarker 2.3.1, it also escapes > as \> (to avoid </script>).

This message was sent by Atlassian JIRA

View raw message