  1. Nuxeo Platform
  2. NXP-24250

Introduce JSP tag lib for escaping messages

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Postponed
    • Component/s: Web Common

      Description

      Standard JSP tag library (JSTL) provides <fmt:format> but it currently doesn't support escaping messages. To do so currently we'd need to get the ResourceBundle and rely on something like

       ${StringEscapeUtils.escapeJavaScript(bundle.getString(..))} 

      or move org.nuxeo.ecm.platform.ui.web.tag.fn.Functions to nuxeo-web-common for it to work without JSF.
      We should set up a custom JSP tag library and review existing JSP pages to properly escape messages, especially when these are used as attribute values (where we need to escape quotes) or as JS strings (where we need to escape single quotes).
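
The two output contexts named in the description, as an added example that is not part of the original issue or Nuxeo's code: one escaper for attribute values and one for JS strings, of the kind a custom tag library function could delegate to. The class, method and bundle key names are hypothetical, and the bundle content is constructed.

```java
import java.util.ListResourceBundle;
import java.util.ResourceBundle;

public class MessageEscapeDemo {

    // Constructed sample bundle standing in for a real messages file.
    static class SampleBundle extends ListResourceBundle {
        @Override
        protected Object[][] getContents() {
            return new Object[][] {
                { "label.confirm", "Delete \"O'Brien\" & co? </script>" } };
        }
    }

    // For a quoted HTML attribute value: neutralise both quote styles and markup.
    static String escapeHtmlAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // For a JS string literal in an inline script: backslash-escape quotes and
    // emit control characters, line separators and HTML-significant characters
    // as four-digit hex escapes so the literal and the script element stay closed.
    static String escapeJsString(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            if (c == '\\' || c == '\'' || c == '"') {
                sb.append('\\').append(c);
            } else if (c < 0x20 || c == '<' || c == '>' || c == '&'
                    || c == 0x2028 || c == 0x2029) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        ResourceBundle bundle = new SampleBundle();
        String msg = bundle.getString("label.confirm");
        System.out.println("<input title=\"" + escapeHtmlAttr(msg) + "\">");
        System.out.println("<script>var m = '" + escapeJsString(msg) + "';</script>");
    }
}
```

The same message yields different output per context, which is why a single generic escape in the JSP is not enough.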

              People

              • Assignee:
                Unassigned
                Reporter:
                nsilva Nelson Silva