Html escaping characters inside ElementProcessor

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Html escaping characters inside ElementProcessor

ramonchu
Hi, I'm trying to do a custom dialect for helping to write bootstrap helpers. But I have a stopper trying to write javascript directly from ElementProcessor, beacuse thymeleaf always escape html entities (') and javascript can not be parsed by navigator.

The code is:

                String translated = ...;
                Element js = new Element("script");
                js.setAttribute("type", "text/javascript");
                js.addChild(new Text("showflash('" + translated + "');", false));
                js.setProcessable(false);
                formElem.insertChild(0, js);

The result is always the same, with Text or with CDATASection:

                showflash('Datos incorrectos');


Any idea?
Thanks! And good job for Thymeleaf, it's very interesting.
Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

Zemi
Administrator
Hello,

which processor class are you extending? I'm afraid that you are extending a class that escapes content, you should be able to extend another class best suited for your needs.

Regards,
  Zemi
Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

ramonchu

Uauu so quickly.

The base class that i'm using is org.thymeleaf.processor.element.AbstractElementProcessor, over latest 2.1.3 release.

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

Zemi
Administrator
Hello,

I checked some similar examples on my code and I noticed that I am using this constructor
  new Text(myText, false)
  http://www.thymeleaf.org/apidocs/thymeleaf/2.1.3.RELEASE/org/thymeleaf/dom/Text.html#Text%28java.lang.String,%20boolean%29

As you can see, it is now deprecated with the message

  Deprecated. Deprecated in 2.1.3. Will be removed in 3.0. Text and CDATA nodes do not perform XML-escaping anymore.

but I find the message misleading becase 2.1.3 it is already doing XML-escaping. The message should be

  Deprecated. Deprecated in 2.1.3. Will be removed in 3.0. Text and CDATA nodes *will* not perform XML-escaping anymore.

So using new Text(myText, false) should work for now, and in version 3 you should change it for new Text(myText) again.

Regards,
   Zemi

Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

ramonchu
Sorry, I just checked the original post. I wrote wrong the output. The real problem is following:

The source code inside ElementProcessor:

     String translated = ...;
     Element js = new Element("script");
     js.setAttribute("type", "text/javascript");
     js.addChild(new Text("showflash('" + translated + "');", false));
     js.setProcessable(false);
     formElem.insertChild(0, js);
     
Thymeleaf produces, despite having indicated false in escapeXml, that's not allowed javascript syntax:

     showflash('Datos incorrectos');


Thanks again.

And finally, Have you a release date for 3.0 version?
Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

Zemi
Administrator
Hello,

Have you tried if your code works with version 2.1.2?

According to the comment for deprecation on
  http://www.thymeleaf.org/apidocs/thymeleaf/2.1.3.RELEASE/org/thymeleaf/dom/Text.html#Text%28java.lang.String,%20boolean%29
this behaviour changed in 2.1.3. The comment says that XML-escaping is not performed anymore but according to your comments it seems that it is performed always.

As far I know, there is no release date for 3.0 yet.

Regards,
  Zemi

Reply | Threaded
Open this post in threaded view
|

Re: Html escaping characters inside ElementProcessor

danielfernandez
Administrator
Actually, that javadoc comment is very confusing. What I meant when I wrote it is that since 2.1.3 the "content" of a Text node is no longer the result of explicitly escaping whatever came through the constructor, which was the previous behaviour.

Now Text contents are kept just as they are specified in their constructors, but the template writer can ask Text nodes to provide an escaped version of their contents when writing the results (not during processing). This saves quite a lot of unescape+escape operations in template processing, because all texts directly coming from the input template and going unmodified to the template output are not touched at all.

In order to create a Text node that does not escape the String you specify as its contents, you simply have to use this constructor: https://github.com/thymeleaf/thymeleaf/blob/thymeleaf-2.1.3.RELEASE/src/main/java/org/thymeleaf/dom/Text.java#L63-L68 with a "true" for its 4th argument (contentIsEscaped). 2nd and 3rd arguments can perfectly go null there.

This will make the writer think your Text contents have already been specified by you in exactly the way you want them in output, and you won't suffer from any additional undesired escaping.

Hmmm... I think we need an additional constructor there, with only the (String content, boolean contentIsEscaped) arguments...

Regards,
Daniel.