Our sample gadget:
---------------
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs
        title="Add Prefered URL"
        description="Add your Website URL to expose that as Gadget"
        scrolling="true">
    <Require feature="opensocial-0.8" />
    <Require feature="dynamic-height" />
</ModulePrefs>
<UserPref name="WebURL" display_name="HTML Page URL" datatype="string"
required="true" default_value="http://example.com"/>
<Content type="url" href="__UP_WebURL__"/>
</Module>
---------------


Basically, in the gadget above, we have a user preference named
"WebURL". Then we specify a content element whose type is url.
   <Content type="url" href="__UP_WebURL__"/>
Note: value of attribute "href" will be replaced with the value of
user preference "WebURL" when the gadget is rendered.
For example, if the value of user preference "WebURL" is
"http://www.iub.edu";, the content element will be
   <Content type="url" href="http://www.iub.edu"/>
Then shindig rendering server issues an HTTP redirection response to
redirect user browser to the url (http://www.iub.edu in above
example).

The problem is that shindig code applies html escape to user
preference value always.

Related code is located in class
*org.apache.shindig.gadgets.variables.UserPrefSubstituter*:
   substituter.addSubstitution(Substitutions.Type.USER_PREF,
       name, StringEscapeUtils.escapeHtml(value));

For example, if the value of a user preference is
   "http://example.com/query?name=gerald&university=uni";,
it is transformed to
   "http://example.com/query?name=gerald&amp;university=uni";
Note: "&" is escaped into sequence "&amp;"
As a result, the url does not refer to the resource that we want to access.

Questions
1) Is my understanding correct?
2) If my understanding is correct, maybe a html unescape should be
applied to the url before http redirection is issued.

Thanks
Gerald

Reply via email to