Spring Framework
  1. Spring Framework
  2. SPR-7041

Provide simple means to escape bean value expressions to prevent SpEL parsing

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.1
    • Fix Version/s: General Backlog
    • Component/s: None
    • Labels:
      None

      Description

      There appear to be no (documented) means to escape value expressions from being evaluated.
      There may be situations where #{} is included in a bean property value (such as a String containing ognl) which the developer wishes to keep as part of the value, rather than being evaluated by the container.
      This applies primarily to Strings rather than objects.

      My suggested solution would be to interpret a backslash in front of #{} or ${} as escapes, so that expressions with this prefix are not evaluated. The escaping backslash should be removed in the final result. If the backslash is part of the value, it needs to be escaped itself (
      ).

      Let me know if I have missed something or if such facility already exists (other than using something like #{' #

      {not evaluated}

      '})

        Activity

        Hide
        Igor Mukhin added a comment -

        Have the same problem:

        <bean class="XXX.jsf.quicklink.QuickLink">
        	<constructor-arg name="path" value="pl" />
        	<constructor-arg name="pattern" value="#{publicActions.passwordSetForm.username}/#{publicActions.passwordSetForm.passLinkTicket}" />
        	<constructor-arg name="viewId" value="/public/setPassword.jsf" />
        	<constructor-arg name="action" value="#{publicActions.startPasswordLink()}" />
        </bean>
        

        I don't want the expressions to be executed now. I will execute them later. But there is not way to escape them.

        Show
        Igor Mukhin added a comment - Have the same problem: <bean class="XXX.jsf.quicklink.QuickLink"> <constructor-arg name="path" value="pl" /> <constructor-arg name="pattern" value="#{publicActions.passwordSetForm.username}/#{publicActions.passwordSetForm.passLinkTicket}" /> <constructor-arg name="viewId" value="/public/setPassword.jsf" /> <constructor-arg name="action" value="#{publicActions.startPasswordLink()}" /> </bean> I don't want the expressions to be executed now. I will execute them later. But there is not way to escape them.

          People

          • Assignee:
            Unassigned
            Reporter:
            Thomas Timbul
            Last updater:
            Trevor Marshall
          • Votes:
            5 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Days since last comment:
              3 years, 20 weeks, 5 days ago