| Summary: | TLV error messages should not contain HTML | ||
|---|---|---|---|
| Product: | Taglibs | Reporter: | Hans Bergsten <hans> |
| Component: | Standard Taglib | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | CLOSED FIXED | ||
| Severity: | major | ||
| Priority: | P3 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
|
Description
Hans Bergsten
2002-02-07 05:19:32 UTC
Thanks again for the report, Hans.
To my knowledge, there shouldn't be any HTML elements in the TLV's error
messages. Do you mean HTML entity references? For instance, we never use
anything like "You made a very <b>bad</b> error," but we do say:
Illegal 'scope' attribute without 'var' in <{0}>
Should this instead be
Illegal 'scope' attribute without 'var' in <{0}>
? Also, are we sure Tomcat is compliant in this regard? I'd hate to have
portions of the message disappear because another container passed the brackets
through. :)
Thanks again.
You're right: what I saw were HTML entity references, not HTML elements. Sloppy
analysis on my part ;-) AFAIK, the spec doesn't say how the strings returned
by a TLV should be presented by the container, so to be safe I would stick to
non-special characters. Tomcat 4.0.1 obviously converts them to HTML entities,
e.g. & to &, and that's why it doesn't look right. How about avoiding the
trickiest characters (&, <, >) and use something like this instead:
Illegal 'scope' attribute without 'var' in '{0}'
Good thought; the metacharacters aren't necessary, so I've just avoided
them (using terminology like
"c:forEach" tag
instead of
<c:forEach>
). (The double-quotes are important because I think single quotes
nullify the {} replacement.)
|