Reputation: 327
Note: in the process of upgrading from Grails 1.3.6 to 2.2.2.
If I have a tag such as:
<g:message code="some.code.here" args="${[someHTML]}" />
It is encoding the value as HTML even though the following is set in Config.groovy:
grails.views.default.codec = "none"
This was not a problem in Grails 1.3.6. It does it for all tags throughout the entire project. This is necessary to pass in the links this way, as we are passing in links based on the language.
Any idea why this is not working even though it was working before the upgrade, or a workaround?
If the HTML is in the .properties file, that renders fine. If the variable is just embedded into the page, it works fine. It is the act of passing it in as an argument to g:message that causes it to error. I have attempted to use the <%=someHTML%> way to pass it in, but it doesn't seem to like that, telling me that I am missing a quote.
Upvotes: 1
Views: 1817
Reputation: 5310
g:message was changed because of an XSS vulnerability (GRAILS-7170). See http://jira.grails.org/browse/GRAILS-10099 for a workaround for continuing to use HTML arguments in certain cases (such as your use case).
Upvotes: 2
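The following is an added example, not code from Grails or from either poster. It shows in plain Groovy why message arguments are encoded by default and how a link can still be passed in when the application builds it from encoded parts. `TrustedHtml`, `encodeHtml`, `link` and `renderMessage` are hypothetical names, and the message pattern and values are constructed sample data.

```groovy
import java.text.MessageFormat

// Hypothetical marker type: markup the application assembled itself from encoded parts.
class TrustedHtml {
    final String html
    TrustedHtml(String html) { this.html = html }
    String toString() { html }
}

// Minimal HTML encoder for element content and quoted attribute values.
String encodeHtml(Object value) {
    value.toString()
        .replace('&', '&amp;')
        .replace('<', '&lt;')
        .replace('>', '&gt;')
        .replace('"', '&quot;')
        .replace("'", '&#39;')
}

// Build a link from data: href and label are encoded, only the tag itself is literal.
TrustedHtml link(String href, String label) {
    new TrustedHtml('<a href="' + encodeHtml(href) + '">' + encodeHtml(label) + '</a>')
}

// Substitute args into a message pattern. Every argument is encoded unless it was
// explicitly wrapped as TrustedHtml, so raw strings can never inject markup.
String renderMessage(String pattern, List args) {
    Object[] safeArgs = args.collect {
        it instanceof TrustedHtml ? it.html : encodeHtml(it)
    } as Object[]
    MessageFormat.format(pattern, safeArgs)
}

// Constructed sample data: a pattern as it might appear in a .properties file,
// one untrusted argument and one language-specific link.
def pattern = 'Hello {0}, please read the {1}.'
def userName = '<b>Bob</b> & co'                      // untrusted, contains markup
def terms = link('/de/terms?a=1&b=2', 'Nutzungsbedingungen')

def out = renderMessage(pattern, [userName, terms])
assert out == 'Hello &lt;b&gt;Bob&lt;/b&gt; &amp; co, please read the ' +
              '<a href="/de/terms?a=1&amp;b=2">Nutzungsbedingungen</a>.'
println out
```

Turning encoding off for the whole message would let the markup in `userName` through as well; wrapping only the link keeps the exemption limited to the one argument the application constructed.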