I'm migrating some JSF portlets from Liferay 6.2 / Liferay Faces 3.2.4-GA5 to Liferay 7.0.3 / Mojarra 2.2.13 / Liferay Faces Bridge 4.0.0.

      I stumbled on a problem with a portlet which uses the <f:ajax>, because the jsf-resource-link is encoded twice:

      <script src="http://localhost:8080/web/guest/home?p_p_id=myportlet_WAR_myportlets&amp;amp;p_p_lifecycle=2&amp;amp;p_p_state=normal&amp;amp;p_p_mode=view&amp;amp;p_p_cacheability=cacheLevelPage&amp;amp;p_p_col_id=column-1&amp;amp;p_p_col_pos=3&amp;amp;p_p_col_count=4&amp;amp;_myportlet_WAR_myportlets_javax.faces.resource=jsf.js&amp;amp;_myportlet_WAR_myportlets_ln=javax.faces&amp;amp;_myportlet_WAR_myportlets_stage=Development" type="text/javascript"/></script>

      I tracked the problem down to HeadResponseWriterBase.writeURIAttribute which tries to escape XML-characters. That makes no sense, as the result is afterwards added as an attribute to an XML element which will eventually be escaped again.

      This was introduced with FACES-2075, which says 

      According to the JavaDocs for ResponseWriter.writeURIAttribute(java.lang.String, java.lang.Object, java.lang.String), the specified URI value must be escaped.

      This is partly true, the JavaDoc talks especially about URI escaping. The part about escaping
      appropriate to the markup language is the same for nearly all write... methods - nothing special for URIs here.

      I wonder how this wasn't noticed before. Maybe the demo portlet should contain an AJAX example as well?




            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: