freemarker-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Jarvis (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FREEMARKER-115) Included file gets parsed (double ampersands converted)
Date Tue, 21 May 2019 06:29:00 GMT

     [ https://issues.apache.org/jira/browse/FREEMARKER-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dave Jarvis updated FREEMARKER-115:
-----------------------------------
    Description: 
Using FMPP with FreeMarker to render a document. The main document resembles:
{code:java}
<#assign updated = .now>
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8"/>
</head>
<body>
  <main>
    <article>
      <#include "includes/html/body.html" parse=false>
    </article>
  </main>
</body>
</html>
{code}
The file *includes/html/body.html* contains:
{code:java}
<div class="code">
<pre><code>SCRIPT_DIR=&quot;\
  $(\
    cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \
    &gt;/dev/null 2&gt;&amp;1 \
    &amp;&amp; pwd\
  )&quot;
SCRIPT_NAME=$(basename $0)</code></pre>
</div>
{code}
Note the *&amp;&amp;*. When the main document is parsed by FreeMarker,
the resulting document contains:
{code:java}
<div class="code"><pre><code>SCRIPT_DIR="\
  $(\
    cd "$(dirname "${BASH_SRC_DIR[0]}")" \
    &gt;/dev/null 2&gt;&amp;1 \
    &amp;& pwd\
  )"
SCRIPT_NAME=$(basename $0)</code></pre></div>
{code}
Note the  *&amp;&*, which is invalid HTML (again, ignore the underscore). The
following line from the main document does not appear to prevent the engine from meddling
with the contents, despite *parse=false* being set:
{code:java}
<#include "includes/html/body.html" parse=false>
{code}
The expected result, of course, is  *&amp;&amp;* as per:
{code:java}
    &amp;&amp; pwd\
{code}
A larger concern is that FreeMarker produced invalid HTML that wasn't caught in a unit test.

  was:
Using FMPP with FreeMarker to render a document. The main document resembles:
{code:java}
<#assign updated = .now>
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8"/>
</head>
<body>
  <main>
    <article>
      <#include "includes/html/body.html" parse=false>
    </article>
  </main>
</body>
</html>
{code}
The file *includes/html/body.html* contains:
{code:java}
<div class="code">
<pre><code>SCRIPT_DIR=&quot;\
  $(\
    cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \
    &gt;/dev/null 2&gt;&amp;1 \
    &amp;&amp; pwd\
  )&quot;
SCRIPT_NAME=$(basename $0)</code></pre>
</div>
{code}
Note the &amp;  &amp; **. When the main document is parsed by FreeMarker,
the resulting document contains:
{code:java}
<div class="code"><pre><code>SCRIPT_DIR="\
  $(\
    cd "$(dirname "${BASH_SRC_DIR[0]}")" \
    &gt;/dev/null 2&gt;&amp;1 \
    &amp;& pwd\
  )"
SCRIPT_NAME=$(basename $0)</code></pre></div>
{code}
Note the  &amp; &, which is invalid HTML (again, ignore the underscore). The
following line from the main document does not appear to prevent the engine from meddling
with the contents, despite *parse=false* being set:
{code:java}
<#include "includes/html/body.html" parse=false>
{code}
The expected result, of course, is  &amp; &amp; (yes, ignore the underscores
again), as per:
{code:java}
    &amp;&amp; pwd\
{code}
A larger concern is that FreeMarker produced invalid HTML that wasn't caught in a unit test.


> Included file gets parsed (double ampersands converted)
> -------------------------------------------------------
>
>                 Key: FREEMARKER-115
>                 URL: https://issues.apache.org/jira/browse/FREEMARKER-115
>             Project: Apache Freemarker
>          Issue Type: Bug
>          Components: engine
>    Affects Versions: 2.3.28
>            Reporter: Dave Jarvis
>            Priority: Major
>
> Using FMPP with FreeMarker to render a document. The main document resembles:
> {code:java}
> <#assign updated = .now>
> <!doctype html>
> <html lang="en">
> <head>
>   <meta charset="utf-8"/>
> </head>
> <body>
>   <main>
>     <article>
>       <#include "includes/html/body.html" parse=false>
>     </article>
>   </main>
> </body>
> </html>
> {code}
> The file *includes/html/body.html* contains:
> {code:java}
> <div class="code">
> <pre><code>SCRIPT_DIR=&quot;\
>   $(\
>     cd &quot;$(dirname &quot;${BASH_SRC_DIR[0]}&quot;)&quot; \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;&amp; pwd\
>   )&quot;
> SCRIPT_NAME=$(basename $0)</code></pre>
> </div>
> {code}
> Note the *&amp;&amp;*. When the main document is parsed by FreeMarker,
the resulting document contains:
> {code:java}
> <div class="code"><pre><code>SCRIPT_DIR="\
>   $(\
>     cd "$(dirname "${BASH_SRC_DIR[0]}")" \
>     &gt;/dev/null 2&gt;&amp;1 \
>     &amp;& pwd\
>   )"
> SCRIPT_NAME=$(basename $0)</code></pre></div>
> {code}
> Note the  *&amp;&*, which is invalid HTML (again, ignore the underscore).
The following line from the main document does not appear to prevent the engine from meddling
with the contents, despite *parse=false* being set:
> {code:java}
> <#include "includes/html/body.html" parse=false>
> {code}
> The expected result, of course, is  *&amp;&amp;* as per:
> {code:java}
>     &amp;&amp; pwd\
> {code}
> A larger concern is that FreeMarker produced invalid HTML that wasn't caught in a unit
test.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message