[richfaces-issues] [JBoss JIRA] (RF-13221) Incorrect XML encoding in AJAX response

Wed, 25 Sep 2013 07:58:36 -0700 

     [ 
https://issues.jboss.org/browse/RF-13221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jonáš Trantina updated RF-13221:
--------------------------------

    Description: 
Consider the following example:
{noformat}
<h:form>
<a4j:commandButton render="@form" value="rerender me"/>

<script src="path_to_some_script?param=asd&amp;important=param"></script>

</h:form>
{noformat}
when commandButton is clicked, the form is rerendered and the response looks 
like this:
{noformat}
<partial-response><changes><update id="someID"><![CDATA[
   ...
  <script src="path_to_some_script?param=asd&amp;important=param"></script>
]]</ ... >
{noformat}
But this is wrong. Because script tag is already in CDATA, so there is no need 
for XML encoding for '&' entity.
This further causes script loading to fail (performed by jsf.js), whenever 
parameters are needed (e.g. portal environment), 
because script is downloaded from 
{noformat}"path_to_some_script?param=asd&amp;important=param" {noformat}
instead of {noformat}"path_to_some_script?param=asd&important=param"{noformat}.

Another very similar issue is when CDATA element is present in a re-rendered 
fragment. Example:
{noformat}
<h:form>
<a4j:commandButton render="@form" value="rerender me"/>

<style type="text/css">
/* <![CDATA[ */
      .somecssclass {...}
/* ]] */
</style>

</h:form>
{noformat}
The AJAX response then looks like so:
{noformat}
<partial-response><changes><update id="someID"><![CDATA[
...
   <![CDATA[
      ...
  ]]
...
]]</ ... >
{noformat}

And this is incorrect XML, since CDATA cannot contain ']]', so the response is 
discarded.

  was:
Consider the following example:
{noformat}
<h:form>
<a4j:commandButton render="@form" value="rerender me"/>

<script src="path_to_some_script?param=asd&amp;important=param"></script>

</h:form>
{noformat}
when commandButton is clicked, the form is rerendered and the response looks 
like this:
{noformat}
<partial-response><changes><update id="someID"><![CDATA[
   ...
  <script src="path_to_some_script?param=asd&amp;important=param"></script>
]]</ ... >
{noformat}
But this is wrong. Because script tag is already in CDATA, so there is no need 
for XML encoding for '&' entity.
This further causes script loading to fail (performed by jsf.js), whenever 
parameters are needed (e.g. portal environment), 
because script is downloaded from 
""path_to_some_script?param=asd&amp;important=param" 
instead of ""path_to_some_script?param=asd&important=param".

Another very similar issue is when CDATA element is present in a re-rendered 
fragment. Example:
{noformat}
<h:form>
<a4j:commandButton render="@form" value="rerender me"/>

<style type="text/css">
/* <![CDATA[ */
      .somecssclass {...}
/* ]] */
</style>

</h:form>
{noformat}
The AJAX response then looks like so:
{noformat}
<partial-response><changes><update id="someID"><![CDATA[
...
   <![CDATA[
      ...
  ]]
...
]]</ ... >
{noformat}

And this is incorrect XML, since CDATA cannot contain ']]', so the response is 
discarded.


    
> Incorrect XML encoding in AJAX response
> ---------------------------------------
>
>                 Key: RF-13221
>                 URL: https://issues.jboss.org/browse/RF-13221
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 4.3.4
>            Reporter: Jonáš Trantina
>
> Consider the following example:
> {noformat}
> <h:form>
> <a4j:commandButton render="@form" value="rerender me"/>
> <script src="path_to_some_script?param=asd&amp;important=param"></script>
> </h:form>
> {noformat}
> when commandButton is clicked, the form is rerendered and the response looks 
> like this:
> {noformat}
> <partial-response><changes><update id="someID"><![CDATA[
>    ...
>   <script src="path_to_some_script?param=asd&amp;important=param"></script>
> ]]</ ... >
> {noformat}
> But this is wrong. Because script tag is already in CDATA, so there is no 
> need for XML encoding for '&' entity.
> This further causes script loading to fail (performed by jsf.js), whenever 
> parameters are needed (e.g. portal environment), 
> because script is downloaded from 
> {noformat}"path_to_some_script?param=asd&amp;important=param" {noformat}
> instead of 
> {noformat}"path_to_some_script?param=asd&important=param"{noformat}.
> Another very similar issue is when CDATA element is present in a re-rendered 
> fragment. Example:
> {noformat}
> <h:form>
> <a4j:commandButton render="@form" value="rerender me"/>
> <style type="text/css">
> /* <![CDATA[ */
>       .somecssclass {...}
> /* ]] */
> </style>
> </h:form>
> {noformat}
> The AJAX response then looks like so:
> {noformat}
> <partial-response><changes><update id="someID"><![CDATA[
> ...
>    <![CDATA[
>       ...
>   ]]
> ...
> ]]</ ... >
> {noformat}
> And this is incorrect XML, since CDATA cannot contain ']]', so the response 
> is discarded.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

_______________________________________________
richfaces-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/richfaces-issues

Reply via email to