Neil Griffin created PLUTO-723:
----------------------------------
Summary: PortletV3Demo DependencyPortlet does not encode the
exception message
Key: PLUTO-723
URL: https://issues.apache.org/jira/browse/PLUTO-723
Project: Pluto
Issue Type: Bug
Components: demo portlets
Affects Versions: 3.0.1
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.0.2
The PortletV3Demo has the following try/catch block:
{code:java|title=DependencyPortlet.java}
try {
resp.addDependency("Invalid", "attempt", "1.1.1", dep);
xmap.put(disp, "No exception");
} catch (Exception e) {
xmap.put(disp, e.toString());
}
{code}
The call to {{e.toString}} will put the textual message of the exception into
the map, which eventually gets rendered inside the portlet:
{code:html|title=dependencyDialog.jsp}
<h3>Tests for Bad Dependency Strings:</h3>
<c:forEach items="${xmap}" var="entry">
<p>
String: ${entry.key }<br>
Exception: ${entry.value }
</p>
</c:forEach>
{code}
The problem is that the {{e.toString}} textual message might contain special
HTML characters such as the less-than (<) character (as is the case with
Liferay Portal) which needs to be encoded. Otherwise the {{<script>}} that
follows will not become part of the DOM:
{code:html|dependencyDialog.jsp}
<script>
$(document).ready(function(){
$("#<portlet:namespace/>button").click(function(){
var txt = "jQuery version: " + $().jquery;
$("#<portlet:namespace/>fadeText").text(txt);
$("#<portlet:namespace/>fadeBox").fadeIn(3000);
});
});
</script>
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
