@ context is not escaping single quotes

Question

@ context is not escaping single quotes

Closed this issue 6 years ago · 2 comments

This code example where properties.titleLeft = GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!

<a href="#" onclick="trackPromoCta('${properties.titleLeft @ context='html'}')">Text</a>
<a href="#" onclick="trackPromoCta('${properties.titleLeft @ context='attribute'}')">Text</a>
<a href="#" onclick="trackPromoCta('${properties.titleLeft @ context='text'}')">Text</a>

Produces

<a href="#" onclick="trackPromoCta('Get 50% off any m'edium or l&quot;ar&quot;ge pizza!')">Text</a>

The single quote is not encoded as an HTML entity, therefore this function causes an error on button click as it ends too soon at the single quote in the what should be escaped content.

Producing error Uncaught SyntaxError: missing ) after argument list

Answer 1 · 2018-03-07T17:56:38.000Z

This appears to be an engine specific issue rather than a problem with the spec. You may want to move your issue to https://github.com/apache/sling-org-apache-sling-scripting-sightly if that is the engine you are using.

Answer 2 · 2018-05-24T12:29:35.000Z

The correct context for your expression is scriptString:

<a href="#" onclick="trackPromoCta('${properties.titleLeft @ context='scriptString'}')">Text</a>