Play template package doesn’t disable HTML escaping for Crown Copyright entity

Question

Play template package doesn’t disable HTML escaping for Crown Copyright entity

paulwaitehomeoffice opened this issue 8 years ago · comments

Paul Waite commented 8 years ago

Steps to reproduce

Examine the Crown Copyright section of the packaged Play template

Expected behaviour

The copyright HTML entity is wrapped in a call to Html(), to avoid it being HTML-escaped

<a href="http://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/copyright-and-re-use/crown-copyright/">@crownCopyrightMessage.getOrElse(Html("&copy; Crown copyright"))</a>

Actual behaviour

The copyright HTML entity is not wrapped in an Html() call, resulting in it being HTML-escaped, and thus appearing as © in the browser.

<a href="http://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/copyright-and-re-use/crown-copyright/">@crownCopyrightMessage.getOrElse("&copy; Crown copyright")</a>

Workaround

I’m currently working around the bug by duplicating the Crown copyright message content in my main template:

@crownCopyrightMessage = {
    &copy; Crown copyright
}
...
@govuk_template(... Some(crownCopyrightMessage))(content)

This content isn’t HTML-escaped, so the copyright entity appears correctly when the resulting pages are viewed in a web browser.

Paul Waite · Answer 1 · Sat Feb 11 2017 01:20:10 GMT+0800 (China Standard Time)

I think the following line in play_processor.rb:

crown_copyright_message: '@crownCopyrightMessage.getOrElse("&copy; Crown copyright")',

Should be changed to:

crown_copyright_message: '@crownCopyrightMessage.getOrElse(Html("&copy; Crown copyright"))',

And maybe there should be a new test of some sort in play_processor_spec.rb?