On Monday 16. November 2009 19.56.25 Ronny Løvtangen wrote:
> Wow, that was fast!
>
> The problem you mention that you have to set escape to false to be able use
> escapeXml, is already a problem in 2.1.8.1 with escapeJavascript I guess? The
> string is first html-escaped and then javascript-escaped.
> Could be fixed by guarding 'escape' with the other attributes:
>
> private String prepare(String value) {
> if (escapeXml) {
> return StringEscapeUtils.escapeXml(result);
> }
> if (escapeJavaScript) {
> return StringEscapeUtils.escapeJavaScript(result);
> }
> if (escape) {
> return StringEscapeUtils.escapeHtml(result);
> }
> return result;
> }
>
> (or with 'else if' if there's a policy against multiple returns)
>
>
> But.. What if you for some reason wants to escape both javascript and xml..
> (would you ever?)
Yes, at leas I would. I sometimes end up having to embed HTML/XML in either
JS-variables or as URLEncoded in an HTML-attribute, so escaping multiple times
does give a meaning to me at least.
--
Andreas Joseph Krogh <[email protected]>
Senior Software Developer / CTO
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Rosenholmveien 25 | know how to do a thing and to watch |
1414 Trollåsen | somebody else doing it wrong, without |
NORWAY | comment. |
| |
Tlf: +47 24 15 38 90 | |
Fax: +47 24 15 38 91 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
