ISIS-3240: value-semantics: change default HTML renderer to escape
content

- specializations can always override that behavior
andi-huber committed Oct 10, 2022
1 parent a6f9598 commit c6e9b39
Showing 1 changed file with 6 additions and 1 deletion.
Expand Up @@ -18,6 +18,8 @@
*/
package org.apache.isis.applib.value.semantics;

import org.apache.isis.commons.internal.base._Strings;

/**
* @since 2.x {@index}
*/
Expand All @@ -30,9 +32,12 @@ public interface Renderer<T> {

/**
* The value rendered as HTML.
* <p>
* Default implementation uses the 'escaped' titlePresentation.
* Override for custom HTML, but be aware of potential XSS attack risks.
*/
default String htmlPresentation(final ValueSemanticsProvider.Context context, final T value) {
return titlePresentation(context, value);
return _Strings.htmlEscape(titlePresentation(context, value));
}

public static enum SyntaxHighlighter {
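Review bot: The new Javadoc on `htmlPresentation` warns about XSS but does not say what an overriding implementation must do, and once a specialization overrides the method the `_Strings.htmlEscape` call in the default no longer applies to it. I would state the contract explicitly, for example `* Overrides are presumably emitted without further escaping, so they must HTML-escape every part derived from {@code value}, including any titlePresentation output they embed.` The phrase "uses the 'escaped' titlePresentation" can also be read as titlePresentation already being escaped, which invites double escaping or none; "escapes the titlePresentation result" is less ambiguous. Whether `_Strings.htmlEscape` tolerates a null returned by `titlePresentation` is not visible here and is worth confirming, since the old default passed the value through untouched. The `Renderer` interface continues outside this hunk.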
