Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

HTML codec issues #11

Merged
merged 2 commits into from

3 participants

Zoran Stojakovic Benjamin Muschko Luca Orlandi
Zoran Stojakovic

Specifying HTML as the default codec in Config.groovy escapes single quotes
surrouding strings, causing JavaScript syntax errors. This fix bypasses the
codec.

Zoran Stojakovic zoran119 HTML codec bypass
Specifying HTML as the default codec in Config.groovy escapes single quotes
surrouding strings, causing JavaScript syntax errors. This fix bypasses the
codec.
69f7ae4
grails-app/views/_visualization_javascript.gsp
@@ -10,7 +10,7 @@
${visualizationData.name}_data.addColumn('${column[0]}', '${column[1]}');
Benjamin Muschko Owner

Shouldn't this use <%= %> also?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Benjamin Muschko
Owner

Thanks for the pull request. I'd recommend replace all place in the file that uses ${} with <%= %>.

Zoran Stojakovic

Was thinking the same thing. I will update the pull request.

Benjamin Muschko
Owner

Great, thanks!

Zoran Stojakovic

Updated. What do you think?

Benjamin Muschko
Owner

Looks good to me. Thanks!

Benjamin Muschko bmuschko merged commit 0a95f6c into from
Benjamin Muschko bmuschko was assigned
Luca Orlandi

I still have the same problem using grails 2.3.5
I unsuccessfully tried grails.view.gsp.codecs.scriptlet = 'none'

// GSP settings
grails {
views {
    gsp {
        encoding = 'UTF-8'
        htmlcodec = 'xml' // use xml escaping instead of HTML4 escaping
        codecs {
            expression = 'html' // escapes values inside ${}
            scriptlet = 'none' // escapes output from scriptlets in GSPs
            taglib = 'none' // escapes output from taglibs
            staticparts = 'none' // escapes output from static template parts
        }
    }
    // escapes all not-encoded output at final stage of outputting
    filteringCodecForContentType {
        //'text/html' = 'none'
    }
}
}
Benjamin Muschko
Owner

I guess that should do it. Did you try a grails clean?

Luca Orlandi

Yes you are right thank you.
I always forget "grails clean" with grails :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 31, 2013
  1. Zoran Stojakovic

    HTML codec bypass

    zoran119 authored
    Specifying HTML as the default codec in Config.groovy escapes single quotes
    surrouding strings, causing JavaScript syntax errors. This fix bypasses the
    codec.
  2. Zoran Stojakovic
This page is out of date. Refresh to see the latest.
Showing with 11 additions and 11 deletions.
  1. +11 −11 grails-app/views/_visualization_javascript.gsp
22 grails-app/views/_visualization_javascript.gsp
View
@@ -1,30 +1,30 @@
<%@ page import="org.apache.commons.lang.StringUtils" %>
<g:set var="functionName" value="draw${StringUtils.capitalize(visualizationData.name)}"/>
<script type="text/javascript">
- google.load('visualization', '${visualizationData.version}', {'packages': ['${visualizationData.visualization.packageName}']<g:if test="${visualizationData.dynamicLoading}">, 'callback': ${functionName}</g:if><g:if test="${visualizationData.language}">, 'language': '${visualizationData.language}'</g:if>});
- <g:if test="${!visualizationData.dynamicLoading}">google.setOnLoadCallback(${functionName});</g:if>
+ google.load('visualization', '<%=visualizationData.version%>', {'packages': ['<%=visualizationData.visualization.packageName%>']<g:if test="${visualizationData.dynamicLoading}">, 'callback': <%=functionName%></g:if><g:if test="${visualizationData.language}">, 'language': '<%=visualizationData.language%>'</g:if>});
+ <g:if test="${!visualizationData.dynamicLoading}">google.setOnLoadCallback(<%=functionName%>);</g:if>
- function ${functionName}() {
- ${visualizationData.name}_data = new google.visualization.DataTable();
+ function <%=functionName%>() {
+ <%=visualizationData.name%>_data = new google.visualization.DataTable();
<g:each var="column" in="${visualizationData.columns}">
- ${visualizationData.name}_data.addColumn('${column[0]}', '${column[1]}');
+ <%=visualizationData.name%>_data.addColumn('<%=column[0]%>', '<%=column[1]%>');
</g:each>
<g:each var="row" in="${visualizationData.rows}">
- ${visualizationData.name}_data.addRow(${row});
+ <%=visualizationData.name%>_data.addRow(<%=row%>);
</g:each>
- ${visualizationData.name} = new ${visualizationData.visualization.object}(document.getElementById('${visualizationData.elementId}'));
+ <%=visualizationData.name%> = new <%=visualizationData.visualization.object%>(document.getElementById('<%=visualizationData.elementId%>'));
<g:render template="/formatter" model="[visualizationData: visualizationData]" plugin="google-visualization"/>
<g:each var="beforeDrawEvent" in="${visualizationData.beforeDrawEvents}">
- google.visualization.events.addListener(${visualizationData.name}, '${beforeDrawEvent.key}', ${beforeDrawEvent.value});
+ google.visualization.events.addListener(<%=visualizationData.name%>, '<%=beforeDrawEvent.key%>', <%=beforeDrawEvent.value%>);
</g:each>
- ${visualizationData.name}.draw(${visualizationData.name}_data, ${visualizationData.options});
+ <%=visualizationData.name%>.draw(<%=visualizationData.name%>_data, <%=visualizationData.options%>);
<g:each var="afterDrawEvent" in="${visualizationData.afterDrawEvents}">
- google.visualization.events.addListener(${visualizationData.name}, '${afterDrawEvent.key}', ${afterDrawEvent.value});
+ google.visualization.events.addListener(<%=visualizationData.name%>, '<%=afterDrawEvent.key%>', <%=afterDrawEvent.value%>);
</g:each>
}
-</script>
+</script>
Something went wrong with that request. Please try again.