[richfaces-issues] [JBoss JIRA] Updated: (RF-1603) Quote in attribute value not handled correctly in ajax4jsf filter

Nick Belaevski (JIRA) jira-events at lists.jboss.org
Wed Dec 12 09:00:52 EST 2007 

     [ http://jira.jboss.com/jira/browse/RF-1603?page=all ]

Nick Belaevski updated RF-1603:
-------------------------------

    Fix Version/s: 3.2.0
         Assignee: Alexander Smirnov

> Quote in attribute value not handled correctly in ajax4jsf filter
> -----------------------------------------------------------------
>
>                 Key: RF-1603
>                 URL: http://jira.jboss.com/jira/browse/RF-1603
>             Project: RichFaces
>          Issue Type: Bug
>    Affects Versions: 3.1.1
>            Reporter: Alan Ballard
>         Assigned To: Alexander Smirnov
>             Fix For: 3.2.0
>
>
> I ran into a problem with ajax responses not being handled correctly.  The specific context was a <dndParam> where the value attribute specified a string with a single, unmatched, quote as part of the value, though I believe this could occur in other situations. 
> The response returned to the server is incorrectly generated with a cdata around an inappropriate portion of the response.  
> Debugging shows that dndparam and dragsupport have correctly generated javascript with a correctly escaped quote (backslash-quote).    
> The problem is in the version of tidy included with richfaces,  when it  postprocesses the response for the script in ajax4jsf.Filter.   This contains code (in lexer.java  method getCDATA) that does handled excaped quotes, but only for nodes it considers javascript.   And it only considers a node to be javascript if it specifies language="javascript" or type="javascript".      Not type="text/javascript", which is (correctly) generated by the richfaces components.  
> Should probably be checking for attribute value contains (case independently)  javascript.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list