Summary: | TLV error messages should not contain HTML | ||
---|---|---|---|
Product: | Taglibs | Reporter: | Hans Bergsten <hans> |
Component: | Standard Taglib | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | CLOSED FIXED | ||
Severity: | major | ||
Priority: | P3 | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All |
Description
Hans Bergsten
2002-02-07 05:19:32 UTC
Thanks again for the report, Hans. To my knowledge, there shouldn't be any HTML elements in the TLV's error messages. Do you mean HTML entity references? For instance, we never use anything like "You made a very <b>bad</b> error," but we do say: Illegal 'scope' attribute without 'var' in <{0}> Should this instead be Illegal 'scope' attribute without 'var' in <{0}> ? Also, are we sure Tomcat is compliant in this regard? I'd hate to have portions of the message disappear because another container passed the brackets through. :) Thanks again. You're right: what I saw were HTML entity references, not HTML elements. Sloppy analysis on my part ;-) AFAIK, the spec doesn't say how the strings returned by a TLV should be presented by the container, so to be safe I would stick to non-special characters. Tomcat 4.0.1 obviously converts them to HTML entities, e.g. & to &, and that's why it doesn't look right. How about avoiding the trickiest characters (&, <, >) and use something like this instead: Illegal 'scope' attribute without 'var' in '{0}' Good thought; the metacharacters aren't necessary, so I've just avoided them (using terminology like "c:forEach" tag instead of <c:forEach> ). (The double-quotes are important because I think single quotes nullify the {} replacement.) |