Re: [Wicket-develop] Thoughts on default html escaping in Wicket core

Thu, 01 Dec 2005 14:25:30 -0800 

On 12/1/05, Johan Compagner <[EMAIL PROTECTED]> wrote:
> still don't know if we can do that currently easy.

Yes, it may not be that easy.
But it will be increasingly difficult to correct as time passes, and
code base grows ...

I really think this problem should be solved asap if possible.

> I don't know for example what happens if we escape twice (Which will happen
> if we escape all the values now)

For sure, it will not work correctly if values are escaped twice.

> Because we do need to keep the getModelAsString() escaping we can't remove
> that there because not all strings
> that are get from there are used as attributes. It can also be used as body.

The getModelAsString() method name isn't representative at all of what
the method really does !
Nor is the javadoc, which states : "Gets a model object as a string."

Shouldn't there be something like a getModelAsHtmlString() that calls
getModelAsString() (which does no escaping) and applies the algorithm
devoted to checking the FLAG_ESCAPE_MODEL_STRINGS flag and apply the
escaping as needed by the component ?


it will indeed be difficult to make this refactoring, but it is important, IMHO.


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Wicket-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-develop

Reply via email to