Easier html escaping with @@ annotation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
play framework | Status tracked in 1.0 | | |
1.0 | Fix Released | Undecided | Unassigned |
1.1 | Fix Committed | Undecided | Unassigned |
Bug Description
Currently the correct way to generate a URL pointing to a controller in play! is the following:
<a href="$
The problem with @{} or @@{} is that it doesn't escape the HTML output. So if you have a controller that needs two arguments in the query string of the URL, with @{} you get something like this:
<a href="/
Which is wrong because the ampersand is not escaped to &amp;
So the correct way is to use ${actionBridge.
I suggest something like the new auto-html-escaping facility. Maybe the @{} notation should always do html escaping when executing a template where the response has a text/html contentType.
Can you test with:
<a href="@{Application.index('foo', 'bar').escape()}">click</a> ?
On Mon, Jan 18, 2010 at 6:53 PM, gimenete <email address hidden> wrote:
> Public bug reported:
>
> Currently the correct way to generate a URL pointing to a controller in
> play! is the following:
>
> <a href="${actionBridge.Application.index('foo', 'bar').url.escapeHtml()
> }">click</a>
>
> The problem with @{} or @@{} is that it doesn't escape the HTML output.
> So if you have a controller that needs two arguments in the query string
> of the URL, with @{} you get something like this:
>
> <a href="/?b=bar&a=foo">click</a>
>
> Which is wrong because the ampersand is not escaped to &amp;
>
> So the correct way is to use ${actionBridge.xxxx.url.escapeHtml()} which
> is too verbose.
>
> I suggest something like the new auto-html-escaping facility. Maybe the
> @{} notation should always do html escaping when executing a template
> where the response has a text/html contentType.
>
> ** Affects: play
> Importance: Undecided
> Status: New
>
> --
> Easier html escaping with @@ annotation
> https://bugs.launchpad.net/bugs/509259
> You received this bug notification because you are subscribed to play
> framework.
>