From commits-return-18295-archive-asf-public=cust-asf.ponee.io@struts.apache.org Wed Jan 16 09:01:12 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 20E40180645 for ; Wed, 16 Jan 2019 09:01:10 +0100 (CET) Received: (qmail 91620 invoked by uid 500); 16 Jan 2019 08:01:09 -0000 Mailing-List: contact commits-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list commits@struts.apache.org Received: (qmail 91609 invoked by uid 99); 16 Jan 2019 08:01:09 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2019 08:01:09 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 1D88987112; Wed, 16 Jan 2019 08:01:09 +0000 (UTC) Date: Wed, 16 Jan 2019 08:01:09 +0000 To: "commits@struts.apache.org" Subject: [struts-site] branch asf-site updated: Updates production by Jenkins MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <154762566903.10349.2108669795396981451@gitbox.apache.org> From: git-site-role@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: struts-site X-Git-Refname: refs/heads/asf-site X-Git-Reftype: branch X-Git-Oldrev: b1b414ea4f424a1a57890852805700fd9a27f531 X-Git-Newrev: 21ad1cc4189417f55ac587fe9b04bb20e2759997 X-Git-Rev: 21ad1cc4189417f55ac587fe9b04bb20e2759997 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 21ad1cc Updates production by Jenkins 21ad1cc is described below commit 21ad1cc4189417f55ac587fe9b04bb20e2759997 Author: jenkins AuthorDate: Wed Jan 16 08:01:07 2019 +0000 Updates production by Jenkins --- content/{announce.html => announce-2018.html} | 2 +- content/announce.html | 234 +++--------------------- content/core-developers/interceptors.html | 7 +- content/core-developers/struts-default-xml.html | 7 +- content/download.html | 84 ++++----- content/index.html | 22 +-- content/releases.html | 2 +- content/tag-developers/css-xhtml-theme.html | 18 +- content/tag-developers/xhtml-theme.html | 24 +-- 9 files changed, 106 insertions(+), 294 deletions(-) diff --git a/content/announce.html b/content/announce-2018.html similarity index 99% copy from content/announce.html copy to content/announce-2018.html index 46f662f..a768e3b 100644 --- a/content/announce.html +++ b/content/announce-2018.html @@ -125,7 +125,7 @@
- Edit on GitHub + Edit on GitHub

Announcements 2018

diff --git a/content/announce.html b/content/announce.html index 46f662f..8514feb 100644 --- a/content/announce.html +++ b/content/announce.html @@ -7,7 +7,7 @@ - Announcements 2018 + Announcements 2019 @@ -127,63 +127,20 @@
Edit on GitHub -

Announcements 2018

+

Announcements 2019

- Skip to: Announcements - 2017 + Skip to: Announcements - 2018

-

14 November 2018 - Apache Struts 2.3.x End-Of-Life (EOL) Announcement

+

14 January 2019 - Struts 2.5.20 General Availability

-

The Apache Struts Project Team would like to inform you that the Struts 2.3.x web framework will reach -its end of life in 6 months and won’t be longer officially supported.

- -

Please check the following reading to find more details.

- - - -

15 October 2018 - Struts 2.3.36 General Availability

- -

The Apache Struts group is pleased to announce that Struts 2.3.36 is available as a “General Availability” -release. The GA designation is our highest quality grade.

- -

This release addresses one backward compatibility issue:

- - - -

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. -The framework is designed to streamline the full development cycle, from building, to deploying, -to maintaining applications over time.

- -

All developers are strongly advised to perform this action.

- -

The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: -Servlet API 2.4, JSP API 2.0, and Java 6.

- -

Should any issues arise with your use of any version of the Struts framework, please post your comments -to the user list, and, if appropriate, file a tracking ticket.

- -

You can download this version from our download page.

- -

15 October 2018 - Struts 2.5.18 General Availability

- -

The Apache Struts group is pleased to announce that Struts 2.5.18 is available as a “General Availability” +

The Apache Struts group is pleased to announce that Struts 2.5.20 is available as a “General Availability” release. The GA designation is our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. @@ -193,60 +150,17 @@ to maintaining applications over time.

Below is a full list of all changes:

    -
  • jar_cache Some jar_cache**.tmp files are generated into a temporary directory(/tmp) during web service start
    • -
  • Struts 2.5.16 is creating jar_cache files in temp folder
    • -
  • MD5 and SHA1 should no longer be provided on download pages
    • -
  • xml-validation fails since struts 2.5.17
    • -
- -

Internal Changes:

- -
    -
  • XWorkList was moved into a com.opensymphony.xwork2.conversion.impl package as com.opensymphony.xwork2.util package is excluded -by the Internal Security Mechanism.
    • -
- -

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. -The framework is designed to streamline the full development cycle, from building, to deploying, -to maintaining applications over time.

- -

All developers are strongly advised to perform this action.

- -

The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: -Servlet API 2.4, JSP API 2.0, and Java 7.

- -

Should any issues arise with your use of any version of the Struts framework, please post your comments -to the user list, and, if appropriate, file a tracking ticket.

- -

You can download this version from our download page.

- -

22 August 2018 - CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16

- -

CVEID:CVE-2018-11776

- -

PRODUCT:Apache Struts

- -

VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16

- -

PROBLEMTYPE:Remote Code Execution

- -

REFERENCES:S2-057

- -

DESCRIPTION:Man Yue Mo from the Semmle Security Research team was noticed that Apache Struts versions 2.3 to 2.3.34 and -2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its -upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn’t have value and action -set and in same time, its upper action(s) have no or wildcard namespace.

- -

22 August 2018 - Struts 2.5.17 General Availability

- -

The Apache Struts group is pleased to announce that Struts 2.5.17 is available as a “General Availability” -release. The GA designation is our highest quality grade.

- -

In addition to critical overall proactive security improvements, this release addresses one potential security vulnerability:

- -
    -
  • Possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or -wildcard namespace. Same possibility when using url tag which doesn’t have value and action set. - S2-057
    • +
  • s:include tag fails with truncated content in certain circumstances
    • +
  • NullPointerException in DefaultStaticContentLoader#findStaticResource
    • +
  • Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest
    • +
  • Static files like css and js files in struts-core not properly served
    • +
  • Race condition reloading config results in actions not found
    • +
  • Setting Struts2 options Css Class
    • +
  • Enhancement for s:set tag to improve tag body whitespace control.
    • +
  • Add support for Java 11
    • +
  • Upgraded commons-fileupload to version 1.4
    • +
  • Update multiple Struts 2.5.x libraries to more recent versions
    • +
  • Update OGNL versions for 2.6 and 2.5.x builds

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. @@ -263,16 +177,17 @@ to the user list, and, if appropriate, file a tracking ticket.

You can download this version from our download page.

-

22 August 2018 - Struts 2.3.35 General Availability

+

30 December 2018 - Struts 2.3.37 General Availability

-

The Apache Struts group is pleased to announce that Struts 2.3.35 is available as a “General Availability” +

The Apache Struts group is pleased to announce that Struts 2.3.37 is available as a “General Availability” release. The GA designation is our highest quality grade.

-

In addition to critical overall proactive security improvements, this release addresses one potential security vulnerability:

+

This release addresses one backward compatibility issue:

    -
  • Possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or -wildcard namespace. Same possibility when using url tag which doesn’t have value and action set. - S2-057
    • +
  • Struts 2.3.36 - InvalidPathException: Illegal char <:> on JDK 9,10,11 on windows
    • +
  • Error when upgrading to struts2.3.35
    • +
  • Upgraded commons-fileupload to version 1.4

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. @@ -289,107 +204,8 @@ to the user list, and, if appropriate, file a tracking ticket.

You can download this version from our download page.

-

27 March 2018 - A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin

- -

The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released -version of the Apache Struts. This is necessary to prevent your publicly accessible web site, which is using the Struts -REST plugin and performing XML serialisation, from being exposed to possible DoS attack.

- -

You can find more details in a Security Bulletin S2-056

- -

All developers are strongly advised to perform this action.

- -

23 March 2018 - Immediately upgrade commons-fileupload to version 1.3.3

- -

The Apache Struts Team recommends to immediately upgrade your Struts 2 -based projects to use the latest released version of Commons -FileUpload library, which is currently 1.3.3. This is necessary to -prevent your publicly accessible web site from being exposed to -possible Remote Code Execution attacks (see [1] [2]).

- -

This affects any Struts version prior to 2.5.12 [3].

- -

Your project is affected if it uses the built-in file upload mechanism -of Struts 2, which defaults to the use of commons-fileupload. The -updated commons-fileupload library is a drop-in replacement for the -vulnerable version. Deployed applications can be hardened by replacing -the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For -Maven based Struts 2 projects, the following dependency needs to be -added:

- -
<dependency>
-  <groupId>commons-fileupload</groupId>
-  <artifactId>commons-fileupload</artifactId>
-  <version>1.3.3</version>
-</dependency>
-
-
- -

More details can be found here:

- -
    -
  1. https://issues.apache.org/jira/browse/FILEUPLOAD-279
    2. -
  2. https://nvd.nist.gov/vuln/detail/CVE-2016-1000031
    3. -
  3. https://issues.apache.org/jira/browse/WW-4812
    4. -
- -

All developers are strongly advised to perform this action.

- -

16 March 2018 - Struts 2.5.16 General Availability

- -

The Apache Struts group is pleased to announce that Struts 2.5.16 is available as a “General Availability” -release. The GA designation is our highest quality grade.

- -

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. -The framework is designed to streamline the full development cycle, from building, to deploying, -to maintaining applications over time.

- -

Below is a full list of all changes:

- -
    -
  • unclosed instantiation of PrintWriter
    • -
  • Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.
    • -
  • NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
    • -
  • NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using ExecuteAndWait -interceptor
    • -
  • ClassCastException in JarEntryRevision
    • -
  • Dependency Mapping Exception When Using PrefixBasedActionProxyFactory
    • -
  • The converter() method of com.opensymphony.xwork2.conversion.annotations.TypeConversion is now deprecated. If this -method is removed in some next release, it will forbid to describe a converter by the name (id) of a Spring bean.
    • -
  • Conversion by annotation does not work
    • -
  • List of Boolean is not populated in Action class
    • -
  • JSONResult exception in struts2-json-plugin-2.5.14.1.jar
    • -
  • buttons with name=”method:METHODNAME” sometimes ignore global-allowed-methods defined in struts.xml
    • -
  • Could not create JarEntryRevision for [zip:C:/…. unknown protocol c
    • -
  • NPE in I18nInterceptor$SessionLocaleHandler.read
    • -
  • JasperReportResult: NPE When Not Using SQL Connection
    • -
  • support JSR 303 Validation Groups in BeanValidation-Plugin
    • -
  • Debug tag should not display anything when not in dev mode
    • -
  • Allow using of Initializable interface on an implementation level
    • -
  • Allowed methods inheritance
    • -
  • Allow use Jackson XML bindings to serialise / deserialise XML
    • -
  • when using an custom array as a filed in struts 2 action form textfiled data from jsp page in not populating into -custom array but populating in String array or array list
    • -
  • Upgrade Spring to version 4.3.13
    • -
  • Update Log4j2 to 2.10.0
    • -
- -
-

Please read the Version Notes to find more details about performed bug fixes and improvements.

-
- -

All developers are strongly advised to perform this action.

- -

The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: -Servlet API 2.4, JSP API 2.0, and Java 7.

- -

Should any issues arise with your use of any version of the Struts framework, please post your comments -to the user list, and, if appropriate, file a tracking ticket.

- -

You can download this version from our download page.

-

- Skip to: Announcements - 2017 + Skip to: Announcements - 2018

diff --git a/content/core-developers/interceptors.html b/content/core-developers/interceptors.html index e965204..c74b793 100644 --- a/content/core-developers/interceptors.html +++ b/content/core-developers/interceptors.html @@ -288,6 +288,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t freemarker.ext.rhino., sun.reflect., javassist., + org.objectweb.asm., com.opensymphony.xwork2.ognl., com.opensymphony.xwork2.security., com.opensymphony.xwork2.util." /> @@ -295,7 +296,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t <bean class="com.opensymphony.xwork2.ObjectFactory" name="struts"/> <bean type="com.opensymphony.xwork2.factory.ResultFactory" name="struts" class="org.apache.struts2.factory.StrutsResultFactory" /> <bean type="com.opensymphony.xwork2.factory.ActionFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultActionFactory" /> - <bean type="com.opensymphony.xwork2.factory.ConverterFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultConverterFactory" /> + <bean type="com.opensymphony.xwork2.factory.ConverterFactory" name="struts" class="com.opensymphony.xwork2.factory.StrutsConverterFactory" /> <bean type="com.opensymphony.xwork2.factory.InterceptorFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultInterceptorFactory" /> <bean type="com.opensymphony.xwork2.factory.ValidatorFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultValidatorFactory" /> <bean type="com.opensymphony.xwork2.factory.UnknownHandlerFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultUnknownHandlerFactory" /> @@ -340,8 +341,8 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t <bean type="com.opensymphony.xwork2.conversion.ConversionPropertiesProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionPropertiesProcessor" /> <bean type="com.opensymphony.xwork2.conversion.ConversionFileProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionFileProcessor" /> <bean type="com.opensymphony.xwork2.conversion.ConversionAnnotationProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor" /> - <bean type="com.opensymphony.xwork2.conversion.TypeConverterCreator" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultTypeConverterCreator" /> - <bean type="com.opensymphony.xwork2.conversion.TypeConverterHolder" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultTypeConverterHolder" /> + <bean type="com.opensymphony.xwork2.conversion.TypeConverterCreator" name="struts" class="org.apache.struts2.conversion.StrutsTypeConverterCreator" /> + <bean type="com.opensymphony.xwork2.conversion.TypeConverterHolder" name="struts" class="org.apache.struts2.conversion.StrutsTypeConverterHolder" /> <bean class="com.opensymphony.xwork2.conversion.impl.XWorkBasicConverter" /> diff --git a/content/core-developers/struts-default-xml.html b/content/core-developers/struts-default-xml.html index 791689b..41a296c 100644 --- a/content/core-developers/struts-default-xml.html +++ b/content/core-developers/struts-default-xml.html @@ -203,6 +203,7 @@ setting in struts.properties.

freemarker.ext.rhino., sun.reflect., javassist., + org.objectweb.asm., com.opensymphony.xwork2.ognl., com.opensymphony.xwork2.security., com.opensymphony.xwork2.util." /> @@ -210,7 +211,7 @@ setting in struts.properties.

<bean class="com.opensymphony.xwork2.ObjectFactory" name="struts"/> <bean type="com.opensymphony.xwork2.factory.ResultFactory" name="struts" class="org.apache.struts2.factory.StrutsResultFactory" /> <bean type="com.opensymphony.xwork2.factory.ActionFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultActionFactory" /> - <bean type="com.opensymphony.xwork2.factory.ConverterFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultConverterFactory" /> + <bean type="com.opensymphony.xwork2.factory.ConverterFactory" name="struts" class="com.opensymphony.xwork2.factory.StrutsConverterFactory" /> <bean type="com.opensymphony.xwork2.factory.InterceptorFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultInterceptorFactory" /> <bean type="com.opensymphony.xwork2.factory.ValidatorFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultValidatorFactory" /> <bean type="com.opensymphony.xwork2.factory.UnknownHandlerFactory" name="struts" class="com.opensymphony.xwork2.factory.DefaultUnknownHandlerFactory" /> @@ -255,8 +256,8 @@ setting in struts.properties.

<bean type="com.opensymphony.xwork2.conversion.ConversionPropertiesProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionPropertiesProcessor" /> <bean type="com.opensymphony.xwork2.conversion.ConversionFileProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionFileProcessor" /> <bean type="com.opensymphony.xwork2.conversion.ConversionAnnotationProcessor" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor" /> - <bean type="com.opensymphony.xwork2.conversion.TypeConverterCreator" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultTypeConverterCreator" /> - <bean type="com.opensymphony.xwork2.conversion.TypeConverterHolder" name="struts" class="com.opensymphony.xwork2.conversion.impl.DefaultTypeConverterHolder" /> + <bean type="com.opensymphony.xwork2.conversion.TypeConverterCreator" name="struts" class="org.apache.struts2.conversion.StrutsTypeConverterCreator" /> + <bean type="com.opensymphony.xwork2.conversion.TypeConverterHolder" name="struts" class="org.apache.struts2.conversion.StrutsTypeConverterHolder" /> <bean class="com.opensymphony.xwork2.conversion.impl.XWorkBasicConverter" /> diff --git a/content/download.html b/content/download.html index f010df2..3c60405 100644 --- a/content/download.html +++ b/content/download.html @@ -189,26 +189,26 @@

Full Releases

-

Struts 2.5.18

+

Struts 2.5.20

- Apache Struts 2.5.18 is an elegant, extensible + Apache Struts 2.5.20 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.18 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.20 is the "best available" version of Struts in the 2.5 series.

-

Struts 2.3.36

+

Struts 2.3.37

  • - Version Notes + Version Notes
  • Full Distribution:
    • @@ -285,9 +285,9 @@
  • Example Applications:
    • @@ -295,9 +295,9 @@
  • Essential Dependencies Only:
    • @@ -305,9 +305,9 @@
  • All Dependencies:
    • @@ -315,9 +315,9 @@
  • Documentation:
    • @@ -325,9 +325,9 @@
  • Source:
    • diff --git a/content/index.html b/content/index.html index 012b331..b33e8e1 100644 --- a/content/index.html +++ b/content/index.html @@ -131,7 +131,7 @@ extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON.

    - + Download @@ -151,19 +151,19 @@

    -

    Apache Struts 2.5.18 GA

    +

    Apache Struts 2.5.20 GA

    - Apache Struts 2.5.18 GA has been released
    on 15 October 2018. + Apache Struts 2.5.20 GA has been released
    on 14 January 2019.

    - Read more in     Announcement or in - Version notes + Read more in Announcement or in + Version notes
    -

    Apache Struts 2.3.36 GA

    +

    Apache Struts 2.3.37 GA

    It's the latest release of Struts 2.3.x which contains the latest security fixes, - released on 15 October 2018.
    Read more in Announcement or in - Version notes + released on 30 December 2018.
    Read more in Announcement or in + Version notes

    @@ -186,12 +186,6 @@

    -

    Immediately upgrade to version 2.5.18 or 2.3.36

    -

    - The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use - the latest released version of the Apache Struts to prevent possible RCE attack when using results with no namespace, - reported in S2-057. Read more in Announcement. -

    diff --git a/content/releases.html b/content/releases.html index 1163aa0..267659a 100644 --- a/content/releases.html +++ b/content/releases.html @@ -147,7 +147,7 @@ diff --git a/content/tag-developers/css-xhtml-theme.html b/content/tag-developers/css-xhtml-theme.html index e74e126..1aed008 100644 --- a/content/tag-developers/css-xhtml-theme.html +++ b/content/tag-developers/css-xhtml-theme.html @@ -167,16 +167,16 @@ the HTML tags are wrapped by a standard header and footer. For example, in the < */ --> <input<#rt/> - type="${(parameters.type!"text")?html}"<#rt/> - name="${(parameters.name!"")?html}"<#rt/> + type="${(parameters.type!"text")}"<#rt/> + name="${(parameters.name!"")}"<#rt/> <#if parameters.get("size")?has_content> - size="${parameters.get("size")?html}"<#rt/> + size="${parameters.get("size")}"<#rt/> </#if> <#if parameters.maxlength?has_content> - maxlength="${parameters.maxlength?html}"<#rt/> + maxlength="${parameters.maxlength}"<#rt/> </#if> <#if parameters.nameValue??> - value="${parameters.nameValue?html}"<#rt/> + value="${parameters.nameValue}"<#rt/> </#if> <#if parameters.disabled!false> disabled="disabled"<#rt/> @@ -185,14 +185,14 @@ the HTML tags are wrapped by a standard header and footer. For example, in the < readonly="readonly"<#rt/> </#if> <#if parameters.tabindex?has_content> - tabindex="${parameters.tabindex?html}"<#rt/> + tabindex="${parameters.tabindex}"<#rt/> </#if> <#if parameters.id?has_content> - id="${parameters.id?html}"<#rt/> + id="${parameters.id}"<#rt/> </#if> <#include "/${parameters.templateDir}/${parameters.expandTheme}/css.ftl" /> <#if parameters.title?has_content> - title="${parameters.title?html}"<#rt/> + title="${parameters.title}"<#rt/> </#if> <#include "/${parameters.templateDir}/${parameters.expandTheme}/scripting-events.ftl" /> <#include "/${parameters.templateDir}/${parameters.expandTheme}/common-attributes.ftl" /> @@ -287,7 +287,7 @@ ${parameters.after!}<#t/> errorFor="${parameters.id}"<#rt/> </#if> class="errorMessage"> - ${error?html} + ${error} </div><#t/> </#list> </div><#t/> diff --git a/content/tag-developers/xhtml-theme.html b/content/tag-developers/xhtml-theme.html index 0f1180f..f842e44 100644 --- a/content/tag-developers/xhtml-theme.html +++ b/content/tag-developers/xhtml-theme.html @@ -218,7 +218,7 @@ the ajax theme) contents:

    <#include "/${parameters.templateDir}/${parameters.expandTheme}/controlheader-core.ftl" /> <td <#if parameters.align?? > - class="align-${parameters.align?html}" + class="align-${parameters.align}" <#else > class="tdInput" </#if> @@ -254,7 +254,7 @@ the ajax theme) contents:

    <#list fieldErrors[parameters.name] as error> <tr errorFor="${parameters.id}"> <td class="tdErrorMessage" colspan="2"><#rt/> - <span class="errorMessage">${error?html}</span><#t/> + <span class="errorMessage">${error}</span><#t/> </td><#lt/> </tr> </#list> @@ -278,7 +278,7 @@ the ajax theme) contents:

    <#if parameters.label??> <label <#t/> <#if parameters.id??> - for="${parameters.id?html}" <#t/> + for="${parameters.id}" <#t/> </#if> <#if hasFieldErrors> class="errorLabel"<#t/> @@ -289,11 +289,11 @@ the ajax theme) contents:

    <#if (parameters.required!false) && ((parameters.requiredPosition!"right") != 'right')> <span class="required">*</span><#t/> </#if> -${parameters.label?html}<#t/> +${parameters.label}<#t/> <#if (parameters.required!false) && ((parameters.requiredPosition!"right") == 'right')> <span class="required">*</span><#t/> </#if> -${parameters.labelseparator!":"?html}<#t/> +${parameters.labelseparator!":"}<#t/> <#include "/${parameters.templateDir}/${parameters.expandTheme}/tooltip.ftl" /> </label><#t/> </#if> @@ -349,7 +349,7 @@ ${parameters.after!}<#t/> <#list fieldErrors[parameters.name] as error> <tr errorFor="${parameters.id}"> <td class="tdErrorMessage" colspan="2"><#rt/> - <span class="errorMessage">${error?html}</span><#t/> + <span class="errorMessage">${error}</span><#t/> </td><#lt/> </tr> </#list> @@ -469,10 +469,10 @@ wrapping table, the opening and closing templates also, if the true, enable true, enable