Use response encoding when escaping HTML
With SPR-9293, it is now possible to HTML escape text while taking into
account the current response encoding. When using UTF-* encodings, only
XML markup significant characters are escaped, since UTF-* natively
support those characters.
This commit adds a new servlet context parameter to enable this fix by
default in a Spring MVC application:
<context-param>
<param-name>responseEncodedHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
Issue: SPR-12350, SPR-12132
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
* Copyright 2002-2014 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -29,6 +29,7 @@ import org.springframework.context.support.DefaultMessageSourceResolvable;
|
||||
import org.springframework.web.context.ConfigurableWebApplicationContext;
|
||||
import org.springframework.web.servlet.support.RequestContext;
|
||||
import org.springframework.web.servlet.support.RequestContextUtils;
|
||||
import org.springframework.web.util.WebUtils;
|
||||
|
||||
/**
|
||||
* Tests for {@link MessageTag}.
|
||||
@@ -266,11 +267,31 @@ public class MessageTagTests extends AbstractTagTests {
|
||||
}
|
||||
};
|
||||
tag.setPageContext(pc);
|
||||
tag.setText("test & text");
|
||||
tag.setText("test & text é");
|
||||
tag.setHtmlEscape(true);
|
||||
assertTrue("Correct doStartTag return value", tag.doStartTag() == Tag.EVAL_BODY_INCLUDE);
|
||||
assertEquals("Correct doEndTag return value", Tag.EVAL_PAGE, tag.doEndTag());
|
||||
assertEquals("Correct message", "test & text", message.toString());
|
||||
assertEquals("Correct message", "test & text é", message.toString());
|
||||
}
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public void testMessageTagWithTextEncodingEscaped() throws JspException {
|
||||
PageContext pc = createPageContext();
|
||||
pc.getServletContext().setInitParameter(WebUtils.RESPONSE_ENCODED_HTML_ESCAPE_CONTEXT_PARAM, "true");
|
||||
pc.getResponse().setCharacterEncoding("UTF-8");
|
||||
final StringBuffer message = new StringBuffer();
|
||||
MessageTag tag = new MessageTag() {
|
||||
@Override
|
||||
protected void writeMessage(String msg) {
|
||||
message.append(msg);
|
||||
}
|
||||
};
|
||||
tag.setPageContext(pc);
|
||||
tag.setText("test <&> é");
|
||||
tag.setHtmlEscape(true);
|
||||
assertTrue("Correct doStartTag return value", tag.doStartTag() == Tag.EVAL_BODY_INCLUDE);
|
||||
assertEquals("Correct doEndTag return value", Tag.EVAL_PAGE, tag.doEndTag());
|
||||
assertEquals("Correct message", "test <&> é", message.toString());
|
||||
}
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
|
||||
Reference in New Issue
Block a user