Gsp pages preserve html tags when replacing with string

Question

I am using grails 2.3

<td>${params?.query?name.replace(params.query,'<span>'+params.query+'</span>'):name}</td>

In the above statement of a gsp page, i want to highlight the name property if params.query value is available. But the generated code contains html equivalent characters.

<td>&lt;span&gt;Mess&lt;/span&gt;age</td>

how to display like below in gsp page. In 1.3 version it worked. but in 2.3 version the same code looks like above. i want to display it as,

<span>message</span>

Answer 1

You probably have this setting in your Config.groovy:

grails.views.default.codec = "html"

It means that in all ${} expressions in GSPs, special HTML characters like '<' and '>' will be encoded. In general this is a reasonable setting because it prevents XSS attacks.

If you need to avoid this default behaviour for one specific expression, you can use this:

<td><%=params?.query?name.replace(params.query,'<span>'+params.query+'</span>'):name%></td>

Answer 2

You could write:

<td>
<g:if test="${params?.query}">
    <span>${params.query}</span>
</g:if>
<g:else>
    ${name}
</g:else>
</td>

Answer 3

I think that's something you can configure in Config.groovy

try following setting

grails.views.default.codec = "html"