You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are uses for having the tags return results in other encodings. For example, returning an MD5 hash of the logged-in user's email field to send direct in a Gravatar image link. Or even returning as raw so that the hash could then be computed manually on a non-HTML encoded email address (which changes the @ to an HTML entity).
Because the tags are explicitly handling the encoding, using raw() doesn't help—the output has already been encoded by the time raw() can get it. The canned Grails tags (g:) supposedly (according to documentation) support an encodeAs attribute to override the default encoding. That could also be an option.
For your consideration. Thanks!
The text was updated successfully, but these errors were encountered:
Currently, it appears all the tags in the
sec:taglib very explicitly callencodeAsHTML()on any output they return.https://github.com/grails-plugins/grails-spring-security-core/blob/071b036101fc2a20f71816ece9fc603caff74a80/plugin/grails-app/taglib/grails/plugin/springsecurity/SecurityTagLib.groovy#L124
There are uses for having the tags return results in other encodings. For example, returning an MD5 hash of the logged-in user's email field to send direct in a Gravatar image link. Or even returning as raw so that the hash could then be computed manually on a non-HTML encoded email address (which changes the
@to an HTML entity).Because the tags are explicitly handling the encoding, using
raw()doesn't help—the output has already been encoded by the timeraw()can get it. The canned Grails tags (g:) supposedly (according to documentation) support anencodeAsattribute to override the default encoding. That could also be an option.For your consideration. Thanks!
The text was updated successfully, but these errors were encountered: