freemarker-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Těthal (JIRA) <j...@apache.org>
Subject [jira] [Comment Edited] (FREEMARKER-16) js_string buit-in function escapes '/' for first character
Date Mon, 14 Mar 2016 15:22:33 GMT

    [ https://issues.apache.org/jira/browse/FREEMARKER-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15193468#comment-15193468
] 

Martin Těthal edited comment on FREEMARKER-16 at 3/14/16 3:22 PM:
------------------------------------------------------------------

In our solution it is not neccessary to escape those combinations. It is very similar to <tt>?j_string</tt>
where double-quotas are expected before and after
<tt>String x = "${val?j_string}";</tt>
but when we need to use single-quotation for attributes (JSTL on some Java EE servers needs
only apostrophes for dynamic attributes) the string has to escape both <tt>'</tt>
and <tt>"</tt>.
<tt>myattribute='<%= "This string ${has?j_string} to be escaped with both" %>'</tt>
As Java strings suports both <tt>\'</tt> and <tt>\"</tt> (https://docs.oracle.com/javase/tutorial/java/data/characters.html)
my suggestion is to extend <tt>?j_string</tt> to escape both.


was (Author: mtethal):
In our solution it is not neccessary to escape those combinations. It is very similar to ?j_string
where double-quotas are expected before and after
String x = "${val?j_string}";
but when we need to use single-quotation for attributes (JSTL on some Java EE servers needs
only apostrophes for dynamic attributes) the string has to escape both ' and ".
myattribute='<%= "This string ${has?j_string} to be escaped with both" %>'
As Java strings suports both \' and \" (https://docs.oracle.com/javase/tutorial/java/data/characters.html)
my suggestion is to extend ?j_string to escape both.

> js_string buit-in function escapes '/' for first character
> ----------------------------------------------------------
>
>                 Key: FREEMARKER-16
>                 URL: https://issues.apache.org/jira/browse/FREEMARKER-16
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.23
>            Reporter: Martin Těthal
>            Assignee: Daniel Dekany
>            Priority: Minor
>
> ${"bar/foo"?js_string} returns "bar/foo"
> but
> ${"/foo"?js_string} returns "\/foo" (the first slash character is escaped by backslash).
> I think the problem is from version 2.3.1 as documentation says:
> Starting from FreeMarker 2.3.1, it also escapes > as \> (to avoid </script>).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message