shale-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Gary VanMatre)
Subject Re: Clay not escaping strings?
Date Thu, 09 Aug 2007 15:53:27 GMT
>From: "Richard Eggert" <> 
> I'm using Clay with HTML templates in an application on which I am working. In 
> several cases, I refer to managed bean properties directly in my template text 
> (e.g., <p>#{mybean.prop}</p>). I recently noticed MyFaces' ReducedHTMLParser

> throwing exceptions about malformed HTML. Not finding any problems in my HTML 
> template itself, I looked at the generated page source and discovered that in 
> cases where a managed bean property contained special characters (in my case, 
> less-than and greater-than signs), Clay is apparently not escaping them before 
> rendering them. 
> Is this a bug in Clay or a "feature" (or a configuration problem on my part)? 

This is a "feature" :-).  The way that Clay works is that any markup in the 
template that doesn't map to a JSF component is treated as "verbatim".
If the markup contains a value binding expression, it's evaluated but there
is not an attempt to identify (parse out) a inline expression within the markup.

In the example above, the value expression would equate to the following:

ValueBinding vb = FacesContext.getCurrentInstance().createValueBinding("<p>#{mybean.prop}</p>");

Something you might try is wrapping these expressions is a span tag 
mapped to an outputText component.


<p><span jsfid="outputText" escape="true">#{mybean.prop}</span></p>).

> Is there any workaround aside from putting calls to 
> org.apache.commons.lang.StringEscapeUtils.escapeHtml() in every managed bean 
> "getter" method that returns a String or wrapping all references in > escape="true">?

> I'm using Shale v1.0.4. 
> Rich Eggert 
> Member of Technical Staff 
> Proteus Technologies, LLC 


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message