Avoiding escape of special characters used in javascript

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Avoiding escape of special characters used in javascript

gihrig
Hello,

I'm creating a bookmarklet on the server side and pushing the javascript to the client via th:href. This works OK, but characters in the javascript like single quote, less than and ampersand are encoded as their corresponding html entities. This is not causing a functional problem, it's just that I would like avoid adding the unnecessary characters to the javascript.

If there were th:utext equivalents for other tags, th:uhref and th:uonclick for example, I think that is what I'm after. Is there any kind of workaround for this?

Server side code:
Spring MVC controller:

String bookmarklet = "javascript:(function(){var u='http://...',d=document,w=window,a=d.getElementsByTagName('LINK'), etc.
uiModel.addAttribute("bookmarklet", bookmarklet);

Thymeleaf template:

<a href="javascript:void(0);" th:href="${bookmarklet}" th:onclick="${bookmarkletMsg}">

Rendered html:

<a href="javascript:(function(){var u='http://...',d=document,w=window,a=d.getElementsByTagName('LINK'), etc.

I'm using
Thymeleaf 2.0.14
Spring MVC 3.1.1

Thanks,

-Glen
Reply | Threaded
Open this post in threaded view
|

Re: Avoiding escape of special characters used in javascript

danielfernandez
Administrator
Hi,

If I understand correctly, you are looking for something that allows you to output XML-unescaped text to tag attributes (like "href").

The problem is, this is forbidden by the XHTML and XML specs. No XML entities (this is: <, >, ", & and ') can appear in tag attributes unescaped (and what's more, Internet Explorer does not recognize &apos; for ' and has to be output like &#39;). Technically speaking, the HTML5 spec does not specifically forbid this so you should be able to send the browser unescaped attributes (as well as unquoted, for instance), but this non-XML-wellformedness would not be in turn parsable by thymeleaf's own parser, so it doesn't make much sense that output like that is allowed. That's why attributes are always escaped.

This said, Thymeleaf's template writers are pluggable, and if this attribute escaping is a problem for you you could specify your own implementation of ITemplateWriter in order to output attributes in a way that fits your needs better...

Regards,
Daniel.
Reply | Threaded
Open this post in threaded view
|

Re: Avoiding escape of special characters used in javascript

Abhishek
Hi,

I have a problem, where i would like to render the value of string with unescaped in the inline java script of thymeleaf.
Ex: abc =/*[[${xyz}]]*/;
expectedOutput: abc = "hello="world"".
Actual output: abc = "hello=\'world\"".

Tried many things, like thymeleaf escapeJavaScript/unescapeJavaScript. But nothing works. Please let me know if we can achieve this through thymeleaf. I am using Spring MVC to pas the value of xyz as attribute.

Thanks,
Abhishek
Reply | Threaded
Open this post in threaded view
|

Re: Avoiding escape of special characters used in javascript

Yugakiran
Hi Abhishek,

I'm using thymeleaf and trying to render java script variable as HTML

however I end up having same problem. Do you have any solution of this issue?
Any help or suggestions would be appreciated

Thanks
Yuga
Reply | Threaded
Open this post in threaded view
|

Re: Avoiding escape of special characters used in javascript

keithwalmar
In reply to this post by gihrig