struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yasser Zamani (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-5022) Struts 2.6 escaping behaviour change for s:a (anchor) tag
Date Wed, 20 Feb 2019 09:06:00 GMT

    [ https://issues.apache.org/jira/browse/WW-5022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772792#comment-16772792
] 

Yasser Zamani commented on WW-5022:
-----------------------------------

If we would go with it, then I think let's proceed, fix this and introduce it as soon as possible
i.e. 2.6 is a good candidate to break previous major behavior :) To proceed and fix this,
we should review all changed files or all {{ftl}} files to see if there are cases that logically
their escape behavior needs the ability to be overridden by user.

> Struts 2.6 escaping behaviour change for s:a (anchor) tag
> ---------------------------------------------------------
>
>                 Key: WW-5022
>                 URL: https://issues.apache.org/jira/browse/WW-5022
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.6
>         Environment: Tomcat 7.0, 8.5 using Java 8 and 11.
>            Reporter: James Chaplin
>            Priority: Major
>             Fix For: 2.6
>
>
> While interacting with the current 2.6 Showcase application I recently noticed that+
the "Home" glyph icon was not displaying correctly+.  Instead of the icon, +the page displayed
the body content literally in the browser+.  Checking the page source (view source in browser)
it turns out the body content of the tag was HTML-escaped.  I double-checked and this does
not happen to Struts 2.5.21 (snapshot) or older 2.6 Showcase apps.
> This behaviour might affect other tags, but +it was noticed and confirmed with "s:a"+
(the JSP anchor tag).
> After some digging (using older commits from GitHub and building the 2.6 Showcase app
from them) it appears the automatic body escaping did not occur prior to January 2nd 2019,
but was introduced with one of the multiple commits applied on January 3rd 2019.
> It could be an interaction between earlier mid-December 2018 commits that changed the
Freemarker configuration version in FreemarkerManager (Configuration.VERSION_2_3_0) to a new
one (Configuration.VERSION_2_3_28), combined with the January 3rd commits.  Couldn't find
the exact cause, but perhaps one of the Struts Team might be able to do so.
> Given the original/old behaviour +it seems that auto-escaping the tag body might be a
bug+.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message