Does NOT escape certain unicode characters
sashasch opened this issue · comments
Hi j2html Team.
Overall I'm very excited from the library, thank you much!
Together with this I detected some behaviour which looks like a bug, some unicode characters are not (html) escaped:
Here the simple test:
@Test
@DisplayName("test escaping")
void testEscaping() {
String spacers = "\u00a0\u200c";
assertEquals(" ‌",StringEscapeUtils.escapeHtml4(spacers));
assertEquals(" ‌", TagCreator.text(spacers).render());
}
The first assertion passes, because StringEscapeUtils of apache-commons does the job,
but the second assertion fails because the text left intact.
Using the last 1.6.0 version of the library.
Please advice!
Currently using the following workaround: escaping the spacers manually whenever it should be in my html and using rawHtml
to prevent double encoding, because the library does escape the ampersand '&', but the solution looks not so good, because:
- There is some small probability that the characters will appear in some other, unexpected places, like a user inputs.
- There is some probability that the library doesn't escape some other, more frequently used characters.