About Hubert Ikkink

My name is Hubert A. Klein Ikkink also known as mrhaki. I work at the great IT company JDriven. Here I work on projects with Groovy & Grails, Gradle and Spring. At JDriven we focus on SpringSource technologies. All colleagues want to learn new technologies, support craftmanship and are very eager to learn. This is truly a great environment to work in.

Grails Goodness: Generating Raw Output with Raw Codec

Since Grails 2.3 all ${} expression output is automatically escaped on GSPs. This is very useful, because user input is now escaped and any HTML or JavaScript in the input value is escaped and not interpreted by the browser as HTML or JavaScript. This is done so our Grails application is protected from Cross Site Scripting (XSS) attacks.

But sometimes we do want to output unescaped HTML content in the web browser. For example we generate the value ourselves and we know the value is safe and cannot be misused for XSS attacks. In Grails 2.3 we can use a new raw() method in our GSPs, tag libraries or controllers. The method will leave the content unchanged and return the unescaped value to be displayed. Alternatively we can use encodeAsRaw() on the content we want to leave unescaped. Finally the encodeAs tag accepts Raw or None as values for the attribute codec and will return the unescaped value.

In the following sample GSP we display the value of the content model property passed to the page. The value is set by a controller and is <em>sample</em> content.

...
  <h2>Raw output samples</h2>
 
  <table>
      <tr><th>Expression</th><th>Result</th></tr>
      <tr>
          <td>${'${content}'}</td>
          <td>${content}</td>
      </tr>
      <tr>
          <td>${'${raw(content)}'}</td>
          <td>${raw(content)}</td></tr>
      <tr>
          <td>${'${content.encodeAsRaw()}'}</td>
          <td>${content.encodeAsRaw()}</td>
      </tr>
      <tr>
          <td>${'<g:encodeAs codec="Raw">${content}</g:encodeAs>'}</td>
          <td><g:encodeAs codec="Raw">${content}</g:encodeAs></td>
      </tr>
      <tr>
          <td>${'<g:encodeAs codec="None">${content}</g:encodeAs>'}</td>
          <td><g:encodeAs codec="None">${content}</g:encodeAs></td>
      </tr>
  </table>
...

In our web browser we see the following output:

Code written with Grails 2.3.

Code written with Grails 2.3.


 

Reference: Grails Goodness: Generating Raw Output with Raw Codec from our JCG partner Hubert Ikkink at the JDriven blog.
Related Whitepaper:

Java Essential Training

Author David Gassner explores Java SE (Standard Edition), the language used to build mobile apps for Android devices, enterprise server applications, and more!

The course demonstrates how to install both Java and the Eclipse IDE and dives into the particulars of programming. The course also explains the fundamentals of Java, from creating simple variables, assigning values, and declaring methods to working with strings, arrays, and subclasses; reading and writing to text files; and implementing object oriented programming concepts. Exercise files are included with the course.

Get it Now!  

One Response to "Grails Goodness: Generating Raw Output with Raw Codec"

  1. libifier says:

    it help me. thanks!!!!

Leave a Reply


− 5 = three



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

15,153 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books