[
https://issues.apache.org/jira/browse/SLING-12808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17954552#comment-17954552
]
Konrad Windszus commented on SLING-12808:
-----------------------------------------
The implementation currently uses
https://github.com/apache/sling-org-apache-sling-scripting-sightly/blob/830368475ba100e3bde18be49a73f79b1b927c14/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java#L96.
The javadoc of
https://sling.apache.org/apidocs/sling13/org/apache/sling/xss/XSSAPI.html#encodeForHTML(java.lang.String)
is not very clear though. I tend to say this is rather a bug inside the XSSApi.
> HTL display context "text" doesn't encode spaces
> ------------------------------------------------
>
> Key: SLING-12808
> URL: https://issues.apache.org/jira/browse/SLING-12808
> Project: Sling
> Issue Type: Bug
> Components: HTL
> Reporter: Konrad Windszus
> Priority: Major
>
> According to
> https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#121-display-context
> the context {{text}} should be used ...
> bq. for simple HTML content - Encodes all HTML
> However this doesn't escape regular spaces. Particularly not consecutive
> spaces which are otherwise rendered as a single space as mandated by the HTML
> spec. I think this context needs to replace at least all leading/tailing
> spaces with {{&npsp;}} and also multiple consecutive spaces appearing
> anywhere else.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
