Grails - avoiding conversion when rendering variable value in GSP

StackOverflow https://stackoverflow.com/questions/22476480

  •  16-06-2023
  •  | 
  •  

Question

I'm porting an older grails application to the new version (2.3.7), and I'm getting an error I don't know how to fix... Anyone here got any ideas?

On one of the webpages, I have a semi-large javascript calculating amounts. The site is multi-language, so the calculation and formatting of the amount is country-dependant. The code looks something like this:

<script type="text/javascript">
<!--

  ... a lot of other javascript

// format an amount to display - country dependant

function formatAmount (amount) {
${country.javaScriptAmount}
}

  ... a lot of other javascript

//-->
</script>

The code for formatting amounts is in the per-country-constants variable "country" - it's a constant string (and declared "final"). In the old grails-version this worked fine, and the rendered page look like this:

// format an amount to display - country dependant

function formatAmount (amount) {

  ... other code

  var krString
  if (kkr > 0)
    if (kronor < 10)
      krString = kkr + " 00" + kronor
    else if (kronor < 100)
      krString = kkr + " 0" + kronor
    else
      krString = kkr + " " + kronor
    else
      krString = kronor.toString ()

  ... other code

}

But in the new version it looks like this:

function formatAmount (amount) {

  ... other code

  var krString
  if (kkr &gt; 0)
    if (kronor &lt; 10)
      krString = kkr + &quot; 00&quot; + kronor
    else if (kronor &lt; 100)
      krString = kkr + &quot; 0&quot; + kronor
    else
      krString = kkr + &quot; &quot; + kronor
    else
      krString = kronor.toString ()

  ... other code

}

How can I stop grails from converteing /" to >/</" when rendering the value of a variable in the GSP-file? I'd be most grateful for some advice! :-)

Anders from Sweden

Was it helpful?

Solution

To prevent Cross Site Scripting grails escapes all content in ${} expressions.

You could force grails to stop encoding your expressions by using the raw codec like this:

${raw(country.javaScriptAmount)}

or 

<g:encodeAs codec="Raw">
    ${country.javaScriptAmount}
</g:encodeAs>

or

${country.javaScriptAmount.encodeAsRaw()}

OTHER TIPS

there is a config variable to control the default encoding on all GSP pages:

grails.views.default.codec = "none" // none, html, base64
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top