[richfaces-issues] [JBoss JIRA] Commented: (RF-7992) Dynamic Skin css resources escape special html characters.
Pavol Pitonak (JIRA)
jira-events at lists.jboss.org
Thu Apr 1 07:51:39 EDT 2010
[ https://jira.jboss.org/jira/browse/RF-7992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12523393#action_12523393 ]
Pavol Pitonak commented on RF-7992:
-----------------------------------
To verify, run in portal or
1. create a new class
package demo;
import javax.faces.context.FacesContext;
mport org.ajax4jsf.resource.InternetResource;
import org.ajax4jsf.resource.ResourceBuilderImpl;
public class TestResourceBuilder extends ResourceBuilderImpl {
@Override
public String getUri(InternetResource resource, FacesContext context, Object storeData) {
return super.getUri(resource, context, storeData) + "?param1=value1¶m2=value2";
}
}
2. register it, i.e. put "demo.TestResourceBuilder" into WEB-INF/classes/META-INF/services/org.ajax4jsf.resource.InternetResourceBuilder
3. create a page with rich:calendar
4. deploy and open the page
5. verify that the resource builder is registered properly, i.e. href attribute contains ?param1=value1&param2=value2
<link type="text/css" rel="stylesheet" href="/tictactoe/faces/a4j/s/3_3_3.Finalorg/richfaces/renderkit/html/css/calendar.xcss/DATB/eAGbUnaFO3T5DGkAEaUDmQ__?param1=value1¶m2=value2" class="component">
6. open the css file of calendar and verify that ampersands are not escaped
> Dynamic Skin css resources escape special html characters.
> ----------------------------------------------------------
>
> Key: RF-7992
> URL: https://jira.jboss.org/jira/browse/RF-7992
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: portal, skinning
> Affects Versions: 3.3.2.GA
> Reporter: Alexander Smirnov
> Fix For: 3.3.3.CR1
>
>
> In the dynamic CSS files ( .xcss ) <u:style> element uses ResponseWriter#writeText method that escapes special html characters like < > and & as XML entities.
> In the portal environment resource URL can contain parameters, so part of xcss file like this:
> <u:style name="background-image">
> <f:resource f:key="org.richfaces.renderkit.html.iconimages.CalendarSeparator" />
> </u:style>
> would be rendered incorrectly:
> background-image:url(/portal/auth/portal/default/SeamDemo/SeamPortletWindow?rfRes=org.richfaces.renderkit.html.images.ButtonBackgroundImage&action=b&cacheability=PAGE&DATA=%2FB%2FeAFjYGDg%21v%219049r- , there all parameter delimiters '&' are replaced by '&' entity.
> Therefore , most portals does not recognise these URL, and skin images are not loaded.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the richfaces-issues
mailing list