[struts] branch WW-5022-escape-false updated: WW-5022 Cleans up escapeHtmlBody flag with default value

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5022-escape-false
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/WW-5022-escape-false by this 
push:
 new 61e6d34  WW-5022 Cleans up escapeHtmlBody flag with default value
61e6d34 is described below

commit 61e6d342bab6f4d0e0339300a79cb350747cc7cc
Author: Lukasz Lenart 
AuthorDate: Sun Jan 23 10:45:14 2022 +0100

WW-5022 Cleans up escapeHtmlBody flag with default value
---
 apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp | 4 ++--
 apps/showcase/src/main/webapp/WEB-INF/filedownload/index.jsp  | 4 ++--
 apps/showcase/src/main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl  | 4 ++--
 apps/showcase/src/main/webapp/WEB-INF/person/new-person.ftl   | 2 +-
 .../main/webapp/WEB-INF/tags/non-ui/actionPrefix/actionPrefix.ftl | 2 +-
 .../WEB-INF/tags/non-ui/actionPrefix/actionPrefixExample.ftl  | 8 
 .../main/webapp/WEB-INF/tags/non-ui/actionPrefix/methodPrefix.ftl | 4 ++--
 .../main/webapp/WEB-INF/tags/non-ui/actionPrefix/normalSubmit.ftl | 4 ++--
 .../WEB-INF/tags/non-ui/actionPrefix/redirectActionPrefix.ftl | 4 ++--
 .../tags/non-ui/iteratorTag/appendIteratorTagDemoResult.jsp   | 2 +-
 .../tags/non-ui/iteratorTag/iteratorGeneratorTagDemoResult.jsp| 2 +-
 .../tags/non-ui/iteratorTag/mergeIteratorTagDemoResult.jsp| 2 +-
 .../tags/non-ui/iteratorTag/subsetIteratorTagDemoResult.jsp   | 2 +-
 apps/showcase/src/main/webapp/WEB-INF/token/example4.ftl  | 2 +-
 core/src/main/java/org/apache/struts2/components/Submit.java  | 2 +-
 15 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp 
b/apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp
index 39a3a03..0d09eb6 100644
--- a/apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp
+++ b/apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp
@@ -113,7 +113,7 @@
 
 
 
- Home
+ Home
 
 
  
Configuration
@@ -239,7 +239,7 @@
 
 Person 
Manager
 CRUD
-Execute & Wait
+Execute & 
Wait
 Token
 Model Driven
diff --git a/apps/showcase/src/main/webapp/WEB-INF/filedownload/index.jsp 
b/apps/showcase/src/main/webapp/WEB-INF/filedownload/index.jsp
index 07afedf..ac1082d 100644
--- a/apps/showcase/src/main/webapp/WEB-INF/filedownload/index.jsp
+++ b/apps/showcase/src/main/webapp/WEB-INF/filedownload/index.jsp
@@ -39,7 +39,7 @@

 

- Download image 
file.
+ Download image file.



@@ -47,7 +47,7 @@

 

- Download ZIP 
file.
+ Download ZIP file.


 
diff --git a/apps/showcase/src/main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl 
b/apps/showcase/src/main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl
index 046ab4b..3c32518 100644
--- a/apps/showcase/src/main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl
+++ b/apps/showcase/src/main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl
@@ -125,7 +125,7 @@
<#else>
" 
width="381" height="44" />

-   <@s.a href="%{#startHref}" escapeHtmlBody="false">
+   <@s.a href="%{#startHref}">
" width="250" height="43" />

<#else>
@@ -139,7 +139,7 @@
 
  <@s.a href="%{#url}"
  id="%{#currentCharacter}"
-  escapeHtmlBody="false"
+
  >
" width="36" border="0" />
  
diff --git a/apps/showcase/src/main/webapp/WEB-INF/person/new-person.ftl 
b/apps/showcase/src/main/webapp/WEB-INF/person/new-person.ftl
index 6af4da4..07a66d4 100644
--- a/apps/showcase/src/main/webapp/WEB-INF/person/new-person.ftl
+++ b/apps/showcase/src/main/webapp/WEB-INF/person/new-person.ftl
@@ -59,7 +59,7 @@



-   <@s.submit value="Create person" 
cssClass="btn btn-primary" escapeHtmlBody="false"/>
+   <@s.submit value="Create person" 
cssClass="btn btn-primary"/>



diff --git 
a/ap

[struts] branch master updated: WW-5164 Removes deprecated class

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/master by this push:
 new e59abe4  WW-5164 Removes deprecated class
e59abe4 is described below

commit e59abe4e344a8ce3ed2b1d460b623ccf303271aa
Author: Lukasz Lenart 
AuthorDate: Sun Jan 23 10:58:14 2022 +0100

WW-5164 Removes deprecated class
---
 .../conversion/metadata/ConversionDescription.java | 187 -
 .../xwork2/conversion/metadata/package.html|  21 ---
 2 files changed, 208 deletions(-)

diff --git 
a/core/src/main/java/com/opensymphony/xwork2/conversion/metadata/ConversionDescription.java
 
b/core/src/main/java/com/opensymphony/xwork2/conversion/metadata/ConversionDescription.java
deleted file mode 100644
index 74c6d6e..000
--- 
a/core/src/main/java/com/opensymphony/xwork2/conversion/metadata/ConversionDescription.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.opensymphony.xwork2.conversion.metadata;
-
-import com.opensymphony.xwork2.conversion.annotations.ConversionRule;
-import com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer;
-import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.LogManager;
-
-import java.io.PrintWriter;
-import java.io.StringWriter;
-
-/**
- * ConversionDescription
- *
- * @author Rainer Hermanns
- * @version $Id$
- *
- * @deprecated class will be removed
- */
-@Deprecated
-public class ConversionDescription {
-
-/**
- * Jakarta commons-logging reference.
- */
-protected static Logger log = null;
-
-
-public static final String KEY_PREFIX = "Key_";
-public static final String ELEMENT_PREFIX = "Element_";
-public static final String KEY_PROPERTY_PREFIX = "KeyProperty_";
-public static final String DEPRECATED_ELEMENT_PREFIX = "Collection_";
-
-/**
- * Key used for type conversion of maps.
- */
-String MAP_PREFIX = "Map_";
-
-public String property;
-public String typeConverter = "";
-public String rule = "";
-public String value = "";
-public String fullQualifiedClassName;
-public String type = null;
-
-public ConversionDescription() {
-log = LogManager.getLogger(this.getClass());
-}
-
-/**
- * Creates an ConversionDescription with the specified property name.
- *
- * @param property property
- */
-public ConversionDescription(String property) {
-this.property = property;
-log = LogManager.getLogger(this.getClass());
-}
-
-/**
- * 
- * Sets the property name to be inserted into the related 
conversion.properties file.
- * Note: Do not add COLLECTION_PREFIX or MAP_PREFIX keys to property names.
- * 
- *
- * @param property The property to be converted.
- */
-public void setProperty(String property) {
-this.property = property;
-}
-
-/**
- * Sets the class name of the type converter to be used.
- *
- * @param typeConverter The class name of the type converter.
- */
-public void setTypeConverter(String typeConverter) {
-this.typeConverter = typeConverter;
-}
-
-/**
- * @param rule the rule prefix for COLLECTION_PREFIX or MAP_PREFIX key. 
Defaults to en empty String.
- */
-public void setRule(String rule) {
-if (rule != null && rule.length() > 0) {
-if (rule.equals(ConversionRule.COLLECTION.toString())) {
-this.rule = 
DefaultObjectTypeDeterminer.DEPRECATED_ELEMENT_PREFIX;
-} else if (rule.equals(ConversionRule.ELEMENT.toString())) {
-this.rule = DefaultObjectTypeDeterminer.ELEMENT_PREFIX;
-} else if (rule.equals(ConversionRule.KEY.toString())) {
-this.rule = DefaultObjectTypeDeterminer.KEY_PREFIX;
-} else if (rule.equals(ConversionRule.KEY_PROPERTY.toString())) {
-this.rule = DefaultObjectTypeDeterminer.KEY_PROPERTY_PREFIX;
-} else if (rule.equals(ConversionRule.MAP.toString())) {
-this.rule = MAP_

[struts] branch WW-5115-dmi-logging created (now 5659535)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-5115-dmi-logging
in repository https://gitbox.apache.org/repos/asf/struts.git.


  at 5659535  WW-5115 Reduces logging for ignored DMI related params when 
DMI is disabled

This branch includes the following new commits:

 new 5659535  WW-5115 Reduces logging for ignored DMI related params when 
DMI is disabled

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts] 01/01: WW-5115 Reduces logging for ignored DMI related params when DMI is disabled

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5115-dmi-logging
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 56595356d3addfa7ecf42a1610914a808bc40bf7
Author: Lukasz Lenart 
AuthorDate: Sat Apr 3 17:32:38 2021 +0200

WW-5115 Reduces logging for ignored DMI related params when DMI is disabled
---
 .../xwork2/interceptor/ParametersInterceptor.java  | 32 +-
 .../interceptor/ParametersInterceptorTest.java | 27 ++
 2 files changed, 52 insertions(+), 7 deletions(-)

diff --git 
a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
 
b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
index a8f7176..69b717c 100644
--- 
a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
+++ 
b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
@@ -40,6 +40,7 @@ import java.util.Collection;
 import java.util.Comparator;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.regex.Pattern;
 
 /**
  * This interceptor sets all parameters on the value stack.
@@ -50,8 +51,11 @@ public class ParametersInterceptor extends 
MethodFilterInterceptor {
 
 protected static final int PARAM_NAME_MAX_LENGTH = 100;
 
+private static final Pattern DMI_IGNORED_PATTERN = 
Pattern.compile("^(action|method):.*", Pattern.CASE_INSENSITIVE);
+
 private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
 private boolean devMode = false;
+private boolean dmiEnabled = false;
 
 protected boolean ordered = false;
 
@@ -79,6 +83,11 @@ public class ParametersInterceptor extends 
MethodFilterInterceptor {
 this.acceptedPatterns = acceptedPatterns;
 }
 
+@Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, 
required = false)
+protected void setDynamicMethodInvocation(String dmiEnabled) {
+this.dmiEnabled = Boolean.parseBoolean(dmiEnabled);
+}
+
 /**
  * If the param name exceeds the configured maximum length it will not be
  * accepted.
@@ -101,13 +110,10 @@ public class ParametersInterceptor extends 
MethodFilterInterceptor {
 /**
  * Compares based on number of '.' and '[' characters (fewer is higher)
  */
-static final Comparator rbCollator = new Comparator() {
-public int compare(String s1, String s2) {
-int l1 = countOGNLCharacters(s1);
-int l2 = countOGNLCharacters(s2);
-return l1 < l2 ? -1 : (l2 < l1 ? 1 : s1.compareTo(s2));
-}
-
+static final Comparator rbCollator = (s1, s2) -> {
+int l1 = countOGNLCharacters(s1);
+int l2 = countOGNLCharacters(s2);
+return l1 < l2 ? -1 : (l2 < l1 ? 1 : s1.compareTo(s2));
 };
 
 @Override
@@ -286,6 +292,10 @@ public class ParametersInterceptor extends 
MethodFilterInterceptor {
 }
 
 protected boolean acceptableName(String name) {
+if (isIgnoredDMI(name)) {
+LOG.trace("DMI is enabled, ignoring DMI method: {}", name);
+return false;
+}
 boolean accepted = isWithinLengthLimit(name) && !isExcluded(name) && 
isAccepted(name);
 if (devMode && accepted) { // notify only when in devMode
 LOG.debug("Parameter [{}] was accepted and will be appended to 
action!", name);
@@ -293,6 +303,14 @@ public class ParametersInterceptor extends 
MethodFilterInterceptor {
 return accepted;
 }
 
+private boolean isIgnoredDMI(String name) {
+if (dmiEnabled) {
+return DMI_IGNORED_PATTERN.matcher(name).matches();
+} else {
+return false;
+}
+}
+
 protected boolean isWithinLengthLimit(String name) {
 boolean matchLength = name.length() <= paramNameMaxLength;
 if (!matchLength) {
diff --git 
a/core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
 
b/core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
index 381f909..515b7cf 100644
--- 
a/core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
+++ 
b/core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
@@ -730,6 +730,33 @@ public class ParametersInterceptorTest extends 
XWorkTestCase {
 assertEquals(expected, actual);
 }
 
+public void testDMIMethodsAreIgnored() throws Exception {
+// given
+ParametersInterceptor interceptor = createParametersInterceptor();
+final Map actual = 
injectValueStackFactory(interceptor);
+ValueStack stack = injectValueStack(actual);
+
+final Map expected = new HashMap() {
+{
+put("ordinary.bean", "value");
+}
+};
+
+Map parameters = new HashMap() {
+{
+put("ordinary.bean", "value");
+   

[struts] 01/01: WW-5112 Reduces logging in logic around missing resource key

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5112-reduce-logging
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 0a0573952f1a50bc65d35f0eecc17625c522865f
Author: Lukasz Lenart 
AuthorDate: Sun Jan 23 10:38:12 2022 +0100

WW-5112 Reduces logging in logic around missing resource key
---
 .../xwork2/util/AbstractLocalizedTextProvider.java | 40 ++
 .../apache/struts2/util/TextProviderHelper.java|  5 ---
 2 files changed, 18 insertions(+), 27 deletions(-)

diff --git 
a/core/src/main/java/com/opensymphony/xwork2/util/AbstractLocalizedTextProvider.java
 
b/core/src/main/java/com/opensymphony/xwork2/util/AbstractLocalizedTextProvider.java
index fabb89c..5685d5e 100644
--- 
a/core/src/main/java/com/opensymphony/xwork2/util/AbstractLocalizedTextProvider.java
+++ 
b/core/src/main/java/com/opensymphony/xwork2/util/AbstractLocalizedTextProvider.java
@@ -306,13 +306,13 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
 
 /**
  * A helper method for {@link ResourceBundle} bundle reload logic.
- * 
- * Uses standard {@link ResourceBundle} methods to clear the bundle caches 
for the 
+ *
+ * Uses standard {@link ResourceBundle} methods to clear the bundle caches 
for the
  * {@link ClassLoader} instances that this class is aware of at the time 
of the call.
- * 
- * The clearCache() methods have been available since Java 
1.6, so 
+ *
+ * The clearCache() methods have been available since Java 
1.6, so
  * it is anticipated the logic will work on any subsequent JVM versions.
- * 
+ *
  * @since 2.6
  */
 private void clearResourceBundleClassloaderCaches() {
@@ -326,14 +326,14 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
 /**
  * "Hacky" helper method that attempts to clear the Tomcat 
ResourceEntry
  * {@link Map} using knowledge of the Tomcat source code.
- * 
- * It relies on the {@link #TOMCAT_RESOURCE_ENTRIES_FIELD} field name, 
base class name 
+ *
+ * It relies on the {@link #TOMCAT_RESOURCE_ENTRIES_FIELD} field name, 
base class name
  * {@link #TOMCAT_WEBAPP_CLASSLOADER_BASE}. and descendant class names 
{@link #TOMCAT_WEBAPP_CLASSLOADER},
  * {@link #TOMCAT_PARALLEL_WEBAPP_CLASSLOADER}, to keep the values 
identified in the constants.
  * It appears to be valid for Tomcat versions 7-10 so far, but could 
become invalid at any time in the future
  * when the resource handling logic in Tomcat changes.
- * 
- * Note: With Java 9+, calling this method may result in "Illegal 
reflective access" warnings.  Be aware 
+ *
+ * Note: With Java 9+, calling this method may result in "Illegal 
reflective access" warnings.  Be aware
  *   its logic may fail in a future version of Java that blocks the 
reflection calls needed for this method.
  */
 private void clearTomcatCache() {
@@ -367,10 +367,10 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
 
 /**
  * Helper method that is intended to clear a {@link Map} instance by name.
- * 
+ *
  * This method relies on reflection to perform its operations, and may be 
blocked in Java 9 and later,
  * depending on the accessibility of the field.
- * 
+ *
  * @param cl The {@link Class} of the obj parameter.
  * @param obj The {@link Object} from which the named field is to be 
extracted (may be null for a static field).
  * @param name The name of the field containing a {@link Map} reference.
@@ -433,9 +433,9 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
  * Set the {@link #searchDefaultBundlesFirst} flag state.  This flag may 
be used by descendant TextProvider
  * implementations to determine if default bundles should be searched for 
messages first (before the standard
  * flow of the {@link LocalizedTextProvider} implementation the descendant 
provides).
- * 
+ *
  * @param searchDefaultBundlesFirst provide {@link String} "true" or 
"false" to set the flag state accordingly.
- * 
+ *
  * @since 2.6
  */
 @Inject(value = StrutsConstants.STRUTS_I18N_SEARCH_DEFAULTBUNDLES_FIRST, 
required = false)
@@ -490,7 +490,7 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
 }
 return bundle;
 }
-
+
 /**
  * Clears all the internal lists.
  *
@@ -566,17 +566,17 @@ abstract class AbstractLocalizedTextProvider implements 
LocalizedTextProvider {
  * against the default resource bundles.  The default resource bundles are 
searched for a value using key first, then
  * alternateKey when the first search fails, then utilizing defaultMessage 
(which may be null) if both
  * key lookup operations fail.
- * 
+ *
  * 
  * 

[struts] branch WW-5112-reduce-logging created (now 0a05739)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-5112-reduce-logging
in repository https://gitbox.apache.org/repos/asf/struts.git.


  at 0a05739  WW-5112 Reduces logging in logic around missing resource key

This branch includes the following new commits:

 new 0a05739  WW-5112 Reduces logging in logic around missing resource key

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot

[git-site-role]

This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
 new 5c963d2  Automatic Site Publish by Buildbot
5c963d2 is described below

commit 5c963d2a0881baa162d3d94ced1119c1476b8df1
Author: buildbot 
AuthorDate: Sun Jan 23 12:01:36 2022 +

Automatic Site Publish by Buildbot
---
 output/tag-developers/tag-syntax.html | 80 ++-
 1 file changed, 50 insertions(+), 30 deletions(-)

diff --git a/output/tag-developers/tag-syntax.html 
b/output/tag-developers/tag-syntax.html
index b202998..ea58e4b 100644
--- a/output/tag-developers/tag-syntax.html
+++ b/output/tag-developers/tag-syntax.html
@@ -149,6 +149,7 @@
   Passing a literal value 
the right way
   Expression Language 
Notations
   Disallowed property names
+  Escaping body of a tag
 
 
 The tags are designed to display dynamic data. To create a input field that 
displays the property “postalCode”, 
@@ -156,8 +157,8 @@ we’d pass the String “postalCode” to the textfield tag.
 
 Creating a dynamic input field
 
-
-
+
+
 
 If there is a “postalCode” property on the value stack, its value will be 
set to the input field. When the field is 
 submitted back to the framework, the value of the control will be set back to 
the “postalCode” property.
@@ -169,8 +170,8 @@ The expression escape sequence is %{ ... }Using an expression to set the 
label
 
-
-
+
+
 
 The expression language (OGNL) lets us call methods and 
evaluate properties. The method getText 
is provided 
 by ActionSupport, which is the base 
class for most Actions. Since the Action is on the stack, we can call any of 
its 
@@ -184,8 +185,8 @@ In this case, you do not need to use the escape notation. 
(But, if you do anyway
 
 Evaluating booleans
 
-
-
+
+
 
 Since the attribute multiple maps to 
a boolean property, the framework does not interpret the value as a String. 
 The value is evaluated as an expression and automtically converted to a 
boolean.
@@ -194,18 +195,18 @@ The value is evaluated as an expression and automtically 
converted to a boolean.
 
 Evaluating booleans (verbose)
 
-
-
+
+
 
 Evaluating booleans (with 
property)
 
-
-
+
+
 
 Evaluating booleans 
(verbose with property)
 
-
-
+
+
 
 value is an Object!
 
@@ -219,8 +220,8 @@ property to call to set the value. But, i
 
 Probably wrong!
 
-
-
+
+
 
 If a textfield is passed the value 
attribute ca, the framework will look 
for a property named getCa. Generally, 
 this is not what we mean. What we mean to do is pass a literal String. In the 
expression language, literals are placed 
@@ -228,8 +229,8 @@ within quotes
 
 Passing a literal value the 
right way
 
-
-
+
+
 
 Another approach would be to use the idiom value="'ca'", but, in this case, using the 
expression notation is recommended.
 
@@ -248,24 +249,24 @@ within quotes
 
 
   A JavaBean object in a standard context in Freemarker, Velocity, or JSTL 
EL (Not OGNL).
-Username: ${user.username}
-
+Username: ${user.username}
+
   
   A username property on the Value Stack.
-
-
+
+
   
   Another way to refer to a property placed on the Value Stack.
-
-  es
-
-Espanol
-
+
+  es
+
+Espanol
+
   
   A static Map, as in put("username","trillian").
-
-
-
+
+
+
   
 
 
@@ -285,8 +286,8 @@ within quotes
 
 The below code will not work:
 
-[struts-site] branch master updated: WW-5022 Adds note about escapeHtmlBody attribute


2022-01-23

Thread
lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/master by this push:
 new 7b450c4  WW-5022 Adds note about escapeHtmlBody attribute
7b450c4 is described below

commit 7b450c4aaf29d412ac1ee656fad9bec0d03af0cf
Author: Lukasz Lenart 
AuthorDate: Sun Jan 23 13:01:00 2022 +0100

WW-5022 Adds note about escapeHtmlBody attribute
---
 source/tag-developers/tag-syntax.md | 44 ++---
 1 file changed, 31 insertions(+), 13 deletions(-)

diff --git a/source/tag-developers/tag-syntax.md 
b/source/tag-developers/tag-syntax.md
index 01cea23..8b20ddc 100644
--- a/source/tag-developers/tag-syntax.md
+++ b/source/tag-developers/tag-syntax.md
@@ -17,7 +17,7 @@ we'd pass the String "postalCode" to the textfield tag.
 
 ## Creating a dynamic input field
 
-```jsp
+```html
 
 ```
 
@@ -31,7 +31,7 @@ The expression escape sequence is `%{ ... }`.  Any text 
embedded in the escape s
 
 ### Using an expression to set the label
 
-```jsp
+```html
 
 ```
 
@@ -47,7 +47,7 @@ In this case, you do not need to use the escape notation. 
(But, if you do anyway
 
 ### Evaluating booleans
 
-```jsp
+```html
 
 ```
 
@@ -58,19 +58,19 @@ Since it's easy to forget which attributes are String and 
which are non-String,
 
 ### Evaluating booleans (verbose)
 
-```jsp
+```html
 
 ```
 
 ### Evaluating booleans (with property)
 
-```jsp
+```html
 
 ```
 
 ### Evaluating booleans (verbose with property)
 
-```jsp
+```html
 
 ```
 
@@ -84,7 +84,7 @@ property to call to set the `value`. But, if there is a 
reason to set the `value
 
 ## Probably wrong!
 
-```jsp
+```html
 
 ```
 
@@ -94,7 +94,7 @@ within quotes
 
 ## Passing a literal value the right way
 
-```jsp
+```html
 
 ```
 
@@ -112,22 +112,22 @@ Please remember about _altSyntax_ option that can change 
when value is evaluated
 ## Expression Language Notations
 
 - A JavaBean object in a standard context in Freemarker, Velocity, or JSTL EL 
(Not OGNL).
-  ```jsp
+  ```html
   Username: ${user.username}
   ```
 - A username property on the Value Stack.
-  ```jsp
+  ```html
   
   ```
 - Another way to refer to a property placed on the Value Stack.
-  ```jsp
+  ```html
   
 es
   
   Espanol
   ```
 - A static Map, as in `put("username","trillian")`.
-  ```jsp
+  ```html
   
   
   ```
@@ -146,7 +146,7 @@ The following names of property are disallowed:
 
 The below code will not work:
 
-```jsp
+```html
 
 ```
 
@@ -163,3 +163,21 @@ public class MyAction {
 }
 
 ```
+
+## Escaping body of a tag
+
+Since Struts 2.6 and migration to the latest Freemarker version (which enables 
auto-escaping by default) you should 
+stop using `?html` in your custom tags and freemarker based pages. You can 
also automatically escape body of the following
+tags by setting `escapeHtmlBody` attribute to true:
+ - ``
+ - ``
+ - ``
+
+There is a new global flag `struts.ui.escapeHtmlBody` which controls this 
behaviour for all the above tags.
+Yet the attribute `escapeHtmlBody` always takes precedence over the flag.
+
+```html
+
+  
+
+```





[struts] branch master updated (e59abe4 -> 1e32510)


2022-01-23

Thread
lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git.


from e59abe4  WW-5164 Removes deprecated class
 add ecef56b  WW-5022 Sets escapeHtmlBody to false by default and defines 
new flag to switch to true globally
 add 7a69652  WW-5022 Documents that setting escapeHtmlBody per tag takes 
precedence over global flag
 add effe687  WW-5022 Pass escapeHtmlBody flag to JavaTemplates tags
 add 61e6d34  WW-5022 Cleans up escapeHtmlBody flag with default value
 new 1e32510  Merge pull request #523 from apache/WW-5022-escape-false

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../src/main/webapp/WEB-INF/decorators/main.jsp|   4 +-
 .../src/main/webapp/WEB-INF/filedownload/index.jsp |   4 +-
 .../main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl |   4 +-
 .../src/main/webapp/WEB-INF/person/new-person.ftl  |   2 +-
 .../tags/non-ui/actionPrefix/actionPrefix.ftl  |   2 +-
 .../non-ui/actionPrefix/actionPrefixExample.ftl|   8 +-
 .../tags/non-ui/actionPrefix/methodPrefix.ftl  |   4 +-
 .../tags/non-ui/actionPrefix/normalSubmit.ftl  |   4 +-
 .../non-ui/actionPrefix/redirectActionPrefix.ftl   |   4 +-
 .../iteratorTag/appendIteratorTagDemoResult.jsp|   2 +-
 .../iteratorTag/iteratorGeneratorTagDemoResult.jsp |   2 +-
 .../iteratorTag/mergeIteratorTagDemoResult.jsp |   2 +-
 .../iteratorTag/subsetIteratorTagDemoResult.jsp|   2 +-
 .../src/main/webapp/WEB-INF/token/example4.ftl |   2 +-
 core/pom.xml   |   2 +-
 .../java/org/apache/struts2/StrutsConstants.java   |   4 +
 .../java/org/apache/struts2/components/Anchor.java |  20 +---
 .../org/apache/struts2/components/Component.java   |  22 ++--
 .../java/org/apache/struts2/components/Submit.java |  25 ++--
 .../org/apache/struts2/views/jsp/ui/AnchorTag.java |  18 +--
 .../org/apache/struts2/views/jsp/ui/SubmitTag.java |   8 +-
 .../org/apache/struts2/default.properties  |   7 +-
 core/src/site/resources/tags/a-attributes.html |   2 +-
 .../src/site/resources/tags/submit-attributes.html |   2 +-
 .../apache/struts2/components/ComponentTest.java   | 133 -
 .../apache/struts2/views/jsp/ui/AnchorTest.java|  71 ---
 .../apache/struts2/views/jsp/ui/CheckboxTest.java  |   4 +-
 .../org/apache/struts2/views/jsp/ui/FileTest.java  |   4 +-
 .../apache/struts2/views/jsp/ui/SubmitTest.java|   9 +-
 .../apache/struts2/views/jsp/ui/TextareaTest.java  |   4 +-
 .../ng/struts-no-op.xml => struts-escape-body.xml} |   8 +-
 .../views/java/DefaultTagHandlerFactory.java   |  13 +-
 .../struts2/views/java/simple/AnchorHandler.java   |   6 +-
 .../struts2/views/java/simple/SimpleTheme.java |   6 +-
 .../struts2/views/java/simple/SubmitHandler.java   |  14 ++-
 .../struts2/views/java/simple/AnchorTest.java  |  36 ++
 36 files changed, 259 insertions(+), 205 deletions(-)
 copy 
core/src/test/resources/{org/apache/struts2/dispatcher/ng/struts-no-op.xml => 
struts-escape-body.xml} (87%)





[struts] 01/01: Merge pull request #523 from apache/WW-5022-escape-false


2022-01-23

Thread
lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 1e32510ea659344f36fefe2944ba7432b3e50f41
Merge: e59abe4 61e6d34
Author: Lukasz Lenart 
AuthorDate: Sun Jan 23 13:02:48 2022 +0100

Merge pull request #523 from apache/WW-5022-escape-false

[WW-5022] Sets escapeHtmlBody to false by default and defines a new flag

 .../src/main/webapp/WEB-INF/decorators/main.jsp|   4 +-
 .../src/main/webapp/WEB-INF/filedownload/index.jsp |   4 +-
 .../main/webapp/WEB-INF/hangman/hangmanNonAjax.ftl |   4 +-
 .../src/main/webapp/WEB-INF/person/new-person.ftl  |   2 +-
 .../tags/non-ui/actionPrefix/actionPrefix.ftl  |   2 +-
 .../non-ui/actionPrefix/actionPrefixExample.ftl|   8 +-
 .../tags/non-ui/actionPrefix/methodPrefix.ftl  |   4 +-
 .../tags/non-ui/actionPrefix/normalSubmit.ftl  |   4 +-
 .../non-ui/actionPrefix/redirectActionPrefix.ftl   |   4 +-
 .../iteratorTag/appendIteratorTagDemoResult.jsp|   2 +-
 .../iteratorTag/iteratorGeneratorTagDemoResult.jsp |   2 +-
 .../iteratorTag/mergeIteratorTagDemoResult.jsp |   2 +-
 .../iteratorTag/subsetIteratorTagDemoResult.jsp|   2 +-
 .../src/main/webapp/WEB-INF/token/example4.ftl |   2 +-
 core/pom.xml   |   2 +-
 .../java/org/apache/struts2/StrutsConstants.java   |   4 +
 .../java/org/apache/struts2/components/Anchor.java |  20 +---
 .../org/apache/struts2/components/Component.java   |  22 ++--
 .../java/org/apache/struts2/components/Submit.java |  25 ++--
 .../org/apache/struts2/views/jsp/ui/AnchorTag.java |  18 +--
 .../org/apache/struts2/views/jsp/ui/SubmitTag.java |   8 +-
 .../org/apache/struts2/default.properties  |   7 +-
 core/src/site/resources/tags/a-attributes.html |   2 +-
 .../src/site/resources/tags/submit-attributes.html |   2 +-
 .../apache/struts2/components/ComponentTest.java   | 133 -
 .../apache/struts2/views/jsp/ui/AnchorTest.java|  71 ---
 .../apache/struts2/views/jsp/ui/CheckboxTest.java  |   4 +-
 .../org/apache/struts2/views/jsp/ui/FileTest.java  |   4 +-
 .../apache/struts2/views/jsp/ui/SubmitTest.java|   9 +-
 .../apache/struts2/views/jsp/ui/TextareaTest.java  |   4 +-
 .../src/test/resources/struts-escape-body.xml  |  33 ++---
 .../views/java/DefaultTagHandlerFactory.java   |  13 +-
 .../struts2/views/java/simple/AnchorHandler.java   |   6 +-
 .../struts2/views/java/simple/SimpleTheme.java |   6 +-
 .../struts2/views/java/simple/SubmitHandler.java   |  14 ++-
 .../struts2/views/java/simple/AnchorTest.java  |  36 ++
 36 files changed, 262 insertions(+), 227 deletions(-)