Our sample gadget:
---------------
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs
title="Add Prefered URL"
description="Add your Website URL to expose that as Gadget"
scrolling="true">
<Require feature="opensocial-0.8" />
<Require feature="dynamic-height" />
</ModulePrefs>
<UserPref name="WebURL" display_name="HTML Page URL" datatype="string"
required="true" default_value="http://example.com"/>
<Content type="url" href="__UP_WebURL__"/>
</Module>
---------------
Basically, in the gadget above, we have a user preference named
"WebURL". Then we specify a content element whose type is url.
<Content type="url" href="__UP_WebURL__"/>
Note: value of attribute "href" will be replaced with the value of
user preference "WebURL" when the gadget is rendered.
For example, if the value of user preference "WebURL" is
"http://www.iub.edu";, the content element will be
<Content type="url" href="http://www.iub.edu"/>
Then shindig rendering server issues an HTTP redirection response to
redirect user browser to the url (http://www.iub.edu in above
example).
The problem is that shindig code applies html escape to user
preference value always.
Related code is located in class
*org.apache.shindig.gadgets.variables.UserPrefSubstituter*:
substituter.addSubstitution(Substitutions.Type.USER_PREF,
name, StringEscapeUtils.escapeHtml(value));
For example, if the value of a user preference is
"http://example.com/query?name=gerald&university=uni";,
it is transformed to
"http://example.com/query?name=gerald&university=uni";
Note: "&" is escaped into sequence "&"
As a result, the url does not refer to the resource that we want to access.
Questions
1) Is my understanding correct?
2) If my understanding is correct, maybe a html unescape should be
applied to the url before http redirection is issued.
Thanks
Gerald
