[richfaces-issues] [JBoss JIRA] Created: (RF-1603) Quote in attribute value not handled correctly in ajax4jsf filter

[Alan Ballard (JIRA)]

Quote in attribute value not handled correctly in ajax4jsf filter
-----------------------------------------------------------------

                 Key: RF-1603
                 URL: http://jira.jboss.com/jira/browse/RF-1603
             Project: RichFaces
          Issue Type: Bug
    Affects Versions: 3.1.1
            Reporter: Alan Ballard


I ran into a problem with ajax responses not being handled correctly.  The specific context was a <dndParam> where the value attibute specified a string with a single, unmatched, quote as part of the value, though I believe this could occur in other situations. 
The response returned to the server is incorrectly generated with a cdata around an inappropriate portion of the response.  

Debugging shows that dndparam and dragsupport have correctly generated javascript with a correctly escaped backslash-quote.    
The problem is in the version of tidy included with richfaces,  when it  postprocesses the response for the script in ajax4jsf.Filter.   This contains code (in lexer.java  method getCDATA) that does handled excaped quotes, but only for nodes it considers javascript.   And it only considers a node to be javascript if it specifies language="javascript" or type="javascript".      Not type="text/javascript", which is (correctly) generated by the richfaces components.  
Should probably be checking for attribute value contains (case independently)  javascript.  



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira