1. #1
    Sencha User
    Join Date
    Jan 2012
    Posts
    18
    Vote Rating
    0
    Olaus is on a distinguished road

      0  

    Default Unanswered: Conditional CSS in XTemplate

    Unanswered: Conditional CSS in XTemplate


    In an XTemplate I have a boolean that determince if a css name should be present in a div or not.
    But I get the following error message

    [ERROR] [gxt3test] - SafeHtml used in a non-text context. Did you mean to use java.lang.String or SafeStyles instead?

    Java:
    Code:
    public class TemplTest { public interface Renderer extends XTemplates {
      @XTemplate(source = "template.html")
      public SafeHtml render(boolean css,Style style);
     }
     
     interface Resources extends ClientBundle {
      @Source("Test.css")
      Style css();
     }
     interface Style extends CssResource {
      String test();
     }
     
     @SuppressWarnings("unused")
     public TemplTest() {
      Renderer renderer = GWT.create(Renderer.class);
      final Resources resources = GWT.create(Resources.class);
      resources.css().ensureInjected();
      Style style = resources.css();
      SafeHtml html = renderer.render(true,style);
     }
    }
    template.html
    Code:
    <div class='<tpl if='css'>{style.test}</tpl>'></div>
    Test.css
    Code:
    .test {
        position: relative;
    }

  2. #2
    Sencha User twisted_pear's Avatar
    Join Date
    Aug 2010
    Location
    North Carolina
    Posts
    23
    Vote Rating
    0
    twisted_pear is on a distinguished road

      0  

    Default


    I was having this issue with GWT this morning. Here is the deal:


    "<div style=\"{0}\" class=\"{2}\"><label debugId=\"{3}\">{1}</label></div>"

    * {0} is a style, so must be a SafeStyles type
    * {1} is the content of an HTML element, so must be SafeHtml type
    * {2} is the a class name, not HTML or a style, so must be String type
    * {3} is the a non-standard attribute, not HTML or a style, so must be String‚Äč type

    Your error is being caused by the 2/3 cases. It is not documented well but should fix your issue.

    Seems odd to me, since you could do an injection attack here like {2}=' " /><evilHtml/><div ' Not sure why the don't let you escape the classnames.


    Sincerely,
    Joe

  3. #3
    Sencha - GXT Dev Team
    Join Date
    Feb 2009
    Location
    Minnesota
    Posts
    2,731
    Answers
    109
    Vote Rating
    90
    Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light Colin Alworth is a glorious beacon of light

      0  

    Default


    Olaus: This is one part a limitation with XTemplates, stemming from the fact that we build on GWT's SafeHtmlTemplates, and one part 'not valid xml' - you can't put a template tag within the body of another tag.

    Instead, a few other options:
    * Make the String parameter to your template optionally blank to leave out the class name
    * Make two divs, each with its own <tpl> parent, one for the positive case, one for the negative.
    * (not always possible) Add the css class after the template has rendered.



    twisted_pear: I think you'll find that won't actually work - If it is a String being inserted, GWT will make the necessary changes to prevent this from escaping the attribute.

    Along these same lines, I don't believe it will allow SafeHtml to be inserted within the tag body of another tag, only between two existing tags. Additionally, if there is a SafeHtml object with the contents
    Code:
    " /><evilHtml/><div
    then your app has escaped something that shouldn't be escaped, or GWT's SafeHtml tools have a major bug in them.

Thread Participants: 2