WW-5022 Documents that setting escapeHtmlBody per tag takes precedenc…

…e over global flag
schsli · Jan 4, 2022 · 7a69652 · 7a69652
1 parent ecef56b
commit 7a69652
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/core/src/main/resources/org/apache/struts2/default.properties b/core/src/main/resources/org/apache/struts2/default.properties
@@ -151,6 +151,11 @@ struts.ui.theme.expansion.token=~~~
 ### Sets the default template type. Either ftl, vm, or jsp
 struts.ui.templateSuffix=ftl
 
+### Sets a global flag which will escape html body of Anchor, Submit and Component tag
+### You can control this flag per tag, e.g.: <s:a ... escapeHtmlTag="true">...</s:a>
+### and this take precedence over the global flag
+# struts.ui.escapeHtmlBody=true
+
 ### Configuration reloading
 ### This will cause the configuration to reload struts.xml when it is changed
 # struts.configuration.xml.reload=false
@@ -230,7 +235,7 @@ struts.handle.exception=true
 
 ### Applies maximum length allowed on OGNL expressions for security enhancement (optional)
 ###
-### **WARNING**: If developers enable this option (by configuration) they should make sure that they understand the implications of setting 
+### **WARNING**: If developers enable this option (by configuration) they should make sure that they understand the implications of setting
 ###   struts.ognl.expressionMaxLength.  They must choose a value large enough to permit ALL valid OGNL expressions used within the application.
 ###   Values larger than the 200-400 range have diminishing security value (at which point it is really only a "style guard" for long OGNL
 ###   expressions in an application.  Setting a value of null or "" will also disable the feature.

diff --git a/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java b/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
@@ -298,4 +298,27 @@ public void testInjectEscapeHtmlBodyFlag() throws Exception {
         tag.doEndTag();
     }
 
+    public void testTagAttributeTakesPrecedenceOverInjectEscapeHtmlBodyFlag() throws Exception {
+        // given
+        initDispatcherWithConfigs("struts-default.xml, struts-escape-body.xml");
+        String escapeHtmlBody = container.getInstance(String.class, StrutsConstants.STRUTS_UI_ESCAPE_HTML_BODY);
+        assertEquals("true", escapeHtmlBody);
+
+        createMocks();
+
+        createAction();
+
+        AnchorTag tag = createTag();
+        tag.setEscapeHtmlBody("false");
+
+        // when
+        tag.doStartTag();
+
+        // then
+        Anchor component = (Anchor) tag.getComponent();
+        assertFalse(component.escapeHtmlBody());
+
+        tag.doEndTag();
+    }
+
 }