utext and HTML escaping some parameters #891
Unanswered
jameskennard
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
I'm using message properties that contain some basic HTML markup and parameters e.g.
some.message=Hello <strong>{0}</strong>
. To output this I then use utext so that I don't lose the HTML formatting, but this means that the parameters should be HTML escaped first (as per the docs - https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#messages).Under the hood the the:text processor uses
HtmlEscape.escapeHtml4Xml
from a 3rd party library. You can get to this easily by using#strings.escapeXml
(which despite the name is usingHtmlEscape.escapeHtml4Xml
). I appreciate that the HTML is XML encoded, but it seems a bit odd to ask for XML escaping in an HTML template and there is no#strings.escapeHtml
.So I've done this:
Is there a best-practice way of escaping these parameters?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions