Escaping of nbsp

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Escaping of nbsp

kleeven
In some of our templates we use the html   in order to really see the spaces we use. I've however seen that since thymeleaf 2.1.3 the escaping is working differently. I've seen that the escaping has been improved and found that we did some things wrong in other templates that used € for euro signs. For   I've seen the following:
<text th:utext="'&nbsp;'" th:remove="tag"/>
 will give a regular space, &nbsp; in my test case gives a fault.
When using
<text th:utext="#{nbsp}" th:remove="tag"/>
 with the nbsp property set to &nbsp; I do get a result of &nbsp;.

Is this supposed to happen or did I run into a bug?
Reply | Threaded
Open this post in threaded view
|

Re: Escaping of nbsp

danielfernandez
Administrator
XML/HTML attributes are considered to be HTML-escaped (not a thymeleaf thing, HTML works that way).

So by using "&nbsp;" in your th:utext you are actually telling HTML that you want a non-breaking space character in that attribute's value, and you express it with its named character reference or textual escaping code ("&nbsp;"). Which is not needed because non-breaking spaces do not need to (but can) be escaped in HTML attributes -- the only mandatory escaping is that of >, <, & and " (or ')

So in order to create a literal object actually containing the six characters of the named character reference of a non-breaking space in your attribute, you should have written "&amp;nbsp;".

Your externalized message works because it's not written inside an HTML attribute, but an external file instead. So HTML escaping rules for attributes do not apply.
Reply | Threaded
Open this post in threaded view
|

Re: Escaping of nbsp

kleeven
Aha! Thanks for the explanation, I get it now.
Reply | Threaded
Open this post in threaded view
|

Re: Escaping of nbsp

bhiles
I have an &copy; in a messages.properties that doesn't get processed correctly. Before 2.1.3, it came out as ©l. Now it comes out as the code &copy; How do I get this to work right?
Reply | Threaded
Open this post in threaded view
|

Re: Escaping of nbsp

bhiles
Figured it out. As was mentioned in the first post (and I missed it) to use the utext not text.