Comment 2 for bug 509259

gimenete (gimenete) wrote : Re: [Bug 509259] [NEW] Easier html escaping with @@ annotation

That's great. It works!

The point is that maybe that should be the default behaviour. I'm not
sure, because it is not true for plain text mail templates, but it is almost
always true every time in HTML templates.

Thank you Guillaume.

On Mon, Jan 18, 2010 at 7:09 PM, Guillaume Bort
<email address hidden> wrote:
> Can you test with:
>
> <a href="@{Application.index('foo', 'bar').escape()}">click</a> ?
>
> On Mon, Jan 18, 2010 at 6:53 PM, gimenete <email address hidden> wrote:
>> Public bug reported:
>>
>> Currently the correct way to generate a URL pointing to a controller in
>> play! is the following:
>>
>> <a href="${actionBridge.Application.index('foo', 'bar').url.escapeHtml() }">click</a>
>>
>> The problem with @{} or @@{} is that it doesn't escape the HTML output.
>> So if you have a controller that needs two arguments in the query string
>> of the URL, with @{} you get something like this:
>>
>> <a href="/?b=bar&a=foo">click</a>
>>
>> Which is wrong because the ampersand is not escaped to &amp;
>>
>> So the correct way is to use ${actionBridge.xxxx.url.escapeHtml()} which
>> is too verbose.
>>
>> I suggest something like the new auto-html-escaping facility. Maybe the
>> @{} notation should always do html escaping when executing a template
>> where the response has a text/html contentType.
>>
>> ** Affects: play
>>     Importance: Undecided
>>         Status: New
>>
>> --
>> Easier html escaping with @@ annotation
>> https://bugs.launchpad.net/bugs/509259
>> You received this bug notification because you are subscribed to play
>> framework.
>>
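Added example, not part of the original thread and not Play's own code: a plain-Java sketch (Java 10+) of the two encoding layers discussed above, percent-encoding each query parameter and then HTML-escaping the finished URL only when the output is text/html. The helpers buildUrl, escapeHtml and renderUrl are hypothetical names, and the parameter values are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class HrefEscaping {
    // Hypothetical stand-in for reverse routing: path plus percent-encoded query string.
    static String buildUrl(String path, Map<String, String> params) {
        StringBuilder sb = new StringBuilder(path);
        char sep = '?';
        for (Map.Entry<String, String> e : params.entrySet()) {
            sb.append(sep).append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
              .append('=').append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
            sep = '&'; // raw separator; it is still unsafe inside an HTML attribute
        }
        return sb.toString();
    }

    // Minimal HTML escaper for element text and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Escape only for HTML responses; plain-text mail templates keep the raw URL.
    static String renderUrl(String url, String contentType) {
        boolean html = contentType != null && contentType.regionMatches(true, 0, "text/html", 0, 9);
        return html ? escapeHtml(url) : url;
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("b", "bar");
        params.put("a", "foo & \"baz\""); // constructed value with characters that need encoding
        String url = buildUrl("/", params);
        System.out.println("<a href=\"" + renderUrl(url, "text/html; charset=utf-8") + "\">click</a>");
        System.out.println("Link: " + renderUrl(url, "text/plain"));
    }
}
```

The ampersand inside the parameter value is percent-encoded to %26 by the URL layer, while the separator between parameters becomes &amp; only in the HTML output.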