search

eclipse-ee4j / mojarra

Mojarra, a Jakarta Faces implementation
Other
162 stars 109 forks source link

Ajax render causes 'emptyResponse' error if form contains an CDATA section - Mojarra 2.3.9.SP01 #4739

Closed Toru47 closed 2 years ago

Toru47 commented 4 years ago

If a form contains an CDATA section, e.g. in javascript code, than the server answer is corrupted and throws an

emptyResponse: An empty response was received from the server. Check server error logs.

The problem in Mojarra 2.3.9.SP01 is that the CDATA section isn't removed by the server. So there's an CDATA section embedded into another one what is syntactically not permitted. In Mojarra 2.3.3.SP1 no such problems because the CDATA section is removed by the server.

Example (test.xhtml):

<!DOCTYPE html>
<html
  xmlns="http://www.w3.org/1999/xhtml"
  xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
  xmlns:f="http://xmlns.jcp.org/jsf/core"
  xmlns:h="http://xmlns.jcp.org/jsf/html"
  xmlns:c="http://xmlns.jcp.org/jsp/jstl/core">
<h:head>
</h:head>
<h:body>
  <h:form>
    <h:commandButton value="Test">
      <f:ajax
        execute="@form"
        render="@form" />
    </h:commandButton>
    <script>
    /*<![CDATA[*/
      alert('test');
    /*]]>*/
    </script>
  </h:form>
</h:body>
</html>

Response - Mojarra 2.3.3.SP1 - okay - CDATA was removed:

<?xml version='1.0' encoding='UTF-8'?>
<partial-response><changes><update id="j_idt4"><![CDATA[
<form id="j_idt4" name="j_idt4" method="post" action="/test/test.xhtml" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="j_idt4" value="j_idt4" />
<input id="j_idt4:j_idt5" type="submit" name="j_idt4:j_idt5" value="Test" onclick="mojarra.ab(this,event,'action','@form','@form');return false" />
    <script>
    alert('test');
</script>
</form>]]></update><update id="j_id1:javax.faces.ViewState:0"><![CDATA[-5237435465663827461:-7676839527617383925]]></update></changes></partial-response>

Response - Mojarra 2.3.9.SP01 - not okay - CDATA wasn't removed:

<?xml version='1.0' encoding='UTF-8'?>
<partial-response><changes><update id="j_idt4"><![CDATA[
<form id="j_idt4" name="j_idt4" method="post" action="/test/test.xhtml" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="j_idt4" value="j_idt4" />
<input id="j_idt4:j_idt5" type="submit" name="j_idt4:j_idt5" value="Test" onclick="mojarra.ab(this,event,'action','@form','@form');return false" />
    <script>
/*<![CDATA[*/
    alert('test');
/*]]>*/
</script>
</form>]]></update><update id="j_id1:javax.faces.ViewState:0"><![CDATA[-7044017502960472393:-1784651330818011011]]></update></changes></partial-response>

It seems to be a bug: https://stackoverflow.com/a/7959215

BalusC commented 2 years ago

Reproduced as described. It works indeed fine in 2.3.3 and indeed broke as described in 2.3.4. But then it was fixed again in 2.3.13. It still works fine in current 2.3.17.

Closing off as already fixed.