Yes, it's true for any XML-like language, because <, > and & are
reserved characters.
You cannot use:
Ey, 1 is < 2 & 2 is > 1
The same is true in element attributes such as href, src, etc.
On Mon, Jan 18, 2010 at 7:31 PM, Guillaume Bort
wrote:
> Is it also true in HTML5 ?
>
> On Mon, Jan 18, 2010 at 7:23 PM, gimenete wrote:
>> That's great. It works!
>>
>> The point is that maybe that should be the default behaviour. I'm not
>> sure, because is not true for plain text mail templates, but is almost
>> always true everytime in html templates.
>>
>> Thank you Guillaume.
>>
>>
>> On Mon, Jan 18, 2010 at 7:09 PM, Guillaume Bort
>> wrote:
>>> Can you test with:
>>>
>>> click ?
>>>
>>> On Mon, Jan 18, 2010 at 6:53 PM, gimenete wrote:
>>>> Public bug reported:
>>>>
>>>> Currently the correct way to generate an URL pointing to a controller in
>>>> play! is the following:
>>>>
>>>> click
>>>>
>>>> The problem with @{} or @@{} is that it doesn't escape the HTML output.
>>>> So if you have a controller that needs two arguments in the query string
>>>> of the URL, with @{} you get something like this:
>>>>
>>>> click
>>>>
>>>> Which is wrong becuse the ampersand is not escaped to &
>>>>
>>>> So the correct way is to use ${actionBridge.xxxx.url.escapeHtml()} which
>>>> is too verbose.
>>>>
>>>> I suggest something like the new auto-html-escaping facility. Maybe the
>>>> @{} notation should always do html escaping when executing a template
>>>> where the response has a text/html contentType.
>>>>
>>>> ** Affects: play
>>>> Importance: Undecided
>>>> Status: New
>>>>
>>>> --
>>>> Easier html escaping with @@ annotation
>>>> https://bugs.launchpad.net/bugs/509259
>>>> You received this bug notification because you are subscribed to play
>>>> framework.
>>>>
>>>
>>> --
>>> Easier html escaping with @@ annotation
>>> https://bugs.launchpad.net/bugs/509259
>>> You received this bug notification because you are a direct subscriber
>>> of the bug.
>>>
>>> Status in play framework: New
>>>
>>> Bug description:
>>> Currently the correct way to generate an URL pointing to a controller in play! is the following:
>>>
>>> click
>>>
>>> The problem with @{} or @@{} is that it doesn't escape the HTML output. So if you have a controller that needs two arguments in the query string of the URL, with @{} you get something like this:
>>>
>>> click
>>>
>>> Which is wrong becuse the ampersand is not escaped to &
>>>
>>> So the correct way is to use ${actionBridge.xxxx.url.escapeHtml()} which is too verbose.
>>>
>>> I suggest something like the new auto-html-escaping facility. Maybe the @{} notation should always do html escaping when executing a template where the response has a text/html contentType.
>>>
>>> To unsubscribe from this bug, go to:
>>> https://bugs.launchpad.net/play/+bug/509259/+subscribe
>>>
>>
>> --
>> Easier html escaping with @@ annotation
>> https://bugs.launchpad.net/bugs/509259
>> You received this bug notification because you are subscribed to play
>> framework.
>>
>
> --
> Easier html escaping with @@ annotation
> https://bugs.launchpad.net/bugs/509259
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in play framework: New
>
> Bug description:
> Currently the correct way to generate an URL pointing to a controller in play! is the following:
>
> click
>
> The problem with @{} or @@{} is that it doesn't escape the HTML output. So if you have a controller that needs two arguments in the query string of the URL, with @{} you get something like this:
>
> click
>
> Which is wrong becuse the ampersand is not escaped to &
>
> So the correct way is to use ${actionBridge.xxxx.url.escapeHtml()} which is too verbose.
>
> I suggest something like the new auto-html-escaping facility. Maybe the @{} notation should always do html escaping when executing a template where the response has a text/html contentType.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/play/+bug/509259/+subscribe
>