[richfaces-issues] [JBoss JIRA] Commented: (RF-7992) Dynamic Skin css resources escape special html characters.

Pavol Pitonak (JIRA) jira-events at lists.jboss.org
Thu Apr 1 07:51:39 EDT 2010 

    [ https://jira.jboss.org/jira/browse/RF-7992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12523393#action_12523393 ] 

Pavol Pitonak commented on RF-7992:
-----------------------------------

To verify, run in portal or 

1. create a new class
package demo;

import javax.faces.context.FacesContext;
mport org.ajax4jsf.resource.InternetResource;
import org.ajax4jsf.resource.ResourceBuilderImpl;

public class TestResourceBuilder extends ResourceBuilderImpl {
    @Override
    public String getUri(InternetResource resource, FacesContext context, Object storeData) {
        return super.getUri(resource, context, storeData) + "?param1=value1&param2=value2";
    }
}

2. register it, i.e. put "demo.TestResourceBuilder" into WEB-INF/classes/META-INF/services/org.ajax4jsf.resource.InternetResourceBuilder
3. create a page with rich:calendar
4. deploy and open the page
5. verify that the resource builder is registered properly, i.e. href attribute contains ?param1=value1&param2=value2
 <link type="text/css" rel="stylesheet" href="/tictactoe/faces/a4j/s/3_3_3.Finalorg/richfaces/renderkit/html/css/calendar.xcss/DATB/eAGbUnaFO3T5DGkAEaUDmQ__?param1=value1&param2=value2" class="component">
6. open the css file of calendar and verify that ampersands are not escaped

> Dynamic Skin css resources escape special html characters.
> ----------------------------------------------------------
>
>                 Key: RF-7992
>                 URL: https://jira.jboss.org/jira/browse/RF-7992
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: portal, skinning
>    Affects Versions: 3.3.2.GA
>            Reporter: Alexander Smirnov
>             Fix For: 3.3.3.CR1
>
>
> In the dynamic CSS files ( .xcss ) <u:style> element uses ResponseWriter#writeText method that escapes special html characters like < > and & as XML entities.
> In the portal environment resource URL can contain parameters, so part of xcss file like this:
> 		<u:style name="background-image">
> 			<f:resource f:key="org.richfaces.renderkit.html.iconimages.CalendarSeparator" />
> 		</u:style>
> would be rendered incorrectly:
> background-image:url(/portal/auth/portal/default/SeamDemo/SeamPortletWindow?rfRes=org.richfaces.renderkit.html.images.ButtonBackgroundImage&amp;action=b&amp;cacheability=PAGE&amp;DATA=%2FB%2FeAFjYGDg%21v%219049r- , there all parameter delimiters '&' are replaced by '&amp;' entity.
> Therefore , most portals does not recognise these URL, and skin images are not loaded.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list