Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24250

Introduce JSP tab lib for escaping messages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Postponed
    • Component/s: Web Common

      Description

      Standard JSP tag library (JSTL) provides <fmt:format> but it currently doesn't support escaping messages. Do so currently we'd need to get the ResourceBundle and rely on something like

       ${StringEscapeUtils.escapeJavaScript(bundle.getString(..)} 

      or move org.nuxeo.ecm.platform.ui.web.tag.fn.Functions to nuxeo-web-common for it to work without JSF.
      We should set up a custom JSP tag library and review existing JSP pages to properly escape messages, especially when these are used as attribute values (where we need to escape quotes) or as JS strings (where we need to escape single quotes).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                nsilva Nelson Silva
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.