Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

HTML codec issues #11

Merged
merged 2 commits into from

3 participants

@zoran119

Specifying HTML as the default codec in Config.groovy escapes single quotes
surrouding strings, causing JavaScript syntax errors. This fix bypasses the
codec.

@zoran119 zoran119 HTML codec bypass
Specifying HTML as the default codec in Config.groovy escapes single quotes
surrouding strings, causing JavaScript syntax errors. This fix bypasses the
codec.
69f7ae4
grails-app/views/_visualization_javascript.gsp
@@ -10,7 +10,7 @@
${visualizationData.name}_data.addColumn('${column[0]}', '${column[1]}');
@bmuschko Owner

Shouldn't this use <%= %> also?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@bmuschko
Owner

Thanks for the pull request. I'd recommend replace all place in the file that uses ${} with <%= %>.

@zoran119

Was thinking the same thing. I will update the pull request.

@bmuschko
Owner

Great, thanks!

@zoran119

Updated. What do you think?

@bmuschko
Owner

Looks good to me. Thanks!

@bmuschko bmuschko merged commit 0a95f6c into bmuschko:master
@bmuschko bmuschko was assigned
@lrkwz

I still have the same problem using grails 2.3.5
I unsuccessfully tried grails.view.gsp.codecs.scriptlet = 'none'

// GSP settings
grails {
views {
    gsp {
        encoding = 'UTF-8'
        htmlcodec = 'xml' // use xml escaping instead of HTML4 escaping
        codecs {
            expression = 'html' // escapes values inside ${}
            scriptlet = 'none' // escapes output from scriptlets in GSPs
            taglib = 'none' // escapes output from taglibs
            staticparts = 'none' // escapes output from static template parts
        }
    }
    // escapes all not-encoded output at final stage of outputting
    filteringCodecForContentType {
        //'text/html' = 'none'
    }
}
}
@bmuschko
Owner

I guess that should do it. Did you try a grails clean?

@lrkwz

Yes you are right thank you.
I always forget "grails clean" with grails :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 31, 2013
  1. @zoran119

    HTML codec bypass

    zoran119 authored
    Specifying HTML as the default codec in Config.groovy escapes single quotes
    surrouding strings, causing JavaScript syntax errors. This fix bypasses the
    codec.
  2. @zoran119
This page is out of date. Refresh to see the latest.
Showing with 11 additions and 11 deletions.
  1. +11 −11 grails-app/views/_visualization_javascript.gsp
View
22 grails-app/views/_visualization_javascript.gsp
@@ -1,30 +1,30 @@
<%@ page import="org.apache.commons.lang.StringUtils" %>
<g:set var="functionName" value="draw${StringUtils.capitalize(visualizationData.name)}"/>
<script type="text/javascript">
- google.load('visualization', '${visualizationData.version}', {'packages': ['${visualizationData.visualization.packageName}']<g:if test="${visualizationData.dynamicLoading}">, 'callback': ${functionName}</g:if><g:if test="${visualizationData.language}">, 'language': '${visualizationData.language}'</g:if>});
- <g:if test="${!visualizationData.dynamicLoading}">google.setOnLoadCallback(${functionName});</g:if>
+ google.load('visualization', '<%=visualizationData.version%>', {'packages': ['<%=visualizationData.visualization.packageName%>']<g:if test="${visualizationData.dynamicLoading}">, 'callback': <%=functionName%></g:if><g:if test="${visualizationData.language}">, 'language': '<%=visualizationData.language%>'</g:if>});
+ <g:if test="${!visualizationData.dynamicLoading}">google.setOnLoadCallback(<%=functionName%>);</g:if>
- function ${functionName}() {
- ${visualizationData.name}_data = new google.visualization.DataTable();
+ function <%=functionName%>() {
+ <%=visualizationData.name%>_data = new google.visualization.DataTable();
<g:each var="column" in="${visualizationData.columns}">
- ${visualizationData.name}_data.addColumn('${column[0]}', '${column[1]}');
+ <%=visualizationData.name%>_data.addColumn('<%=column[0]%>', '<%=column[1]%>');
</g:each>
<g:each var="row" in="${visualizationData.rows}">
- ${visualizationData.name}_data.addRow(${row});
+ <%=visualizationData.name%>_data.addRow(<%=row%>);
</g:each>
- ${visualizationData.name} = new ${visualizationData.visualization.object}(document.getElementById('${visualizationData.elementId}'));
+ <%=visualizationData.name%> = new <%=visualizationData.visualization.object%>(document.getElementById('<%=visualizationData.elementId%>'));
<g:render template="/formatter" model="[visualizationData: visualizationData]" plugin="google-visualization"/>
<g:each var="beforeDrawEvent" in="${visualizationData.beforeDrawEvents}">
- google.visualization.events.addListener(${visualizationData.name}, '${beforeDrawEvent.key}', ${beforeDrawEvent.value});
+ google.visualization.events.addListener(<%=visualizationData.name%>, '<%=beforeDrawEvent.key%>', <%=beforeDrawEvent.value%>);
</g:each>
- ${visualizationData.name}.draw(${visualizationData.name}_data, ${visualizationData.options});
+ <%=visualizationData.name%>.draw(<%=visualizationData.name%>_data, <%=visualizationData.options%>);
<g:each var="afterDrawEvent" in="${visualizationData.afterDrawEvents}">
- google.visualization.events.addListener(${visualizationData.name}, '${afterDrawEvent.key}', ${afterDrawEvent.value});
+ google.visualization.events.addListener(<%=visualizationData.name%>, '<%=afterDrawEvent.key%>', <%=afterDrawEvent.value%>);
</g:each>
}
-</script>
+</script>
Something went wrong with that request. Please try again.