Change default codec to html for new projects

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.1
Fix Version/s: 2.3-M1
Component/s: Configuration, View technologies
Labels:
None

Description

~~GRAILS-1827~~ was an excellent idea to introduce protection against cross site scripting. I believe that HTML should be the default codec for new projects as this will get people used to the security features from their first use of Grails. Then we have security by default, which people can override if they know what they're doing.

The auto-generated list.gsp files currently include the following call to encodeAsHTML

{ somedata.encodeAsHTML() }

Whether you change the default codec or not, I think this call should be removed from the list.gsp pages as it is not present in any of the other pages.

Activity

Hide

Permalink

Bobby Warner added a comment - 31/May/12 9:04 PM

https://github.com/grails/grails-core/pull/209

Show

Bobby Warner added a comment - 31/May/12 9:04 PM https://github.com/grails/grails-core/pull/209

People

Assignee:

Lari Hotari

Reporter:

Nathan Clement

Vote (1)

Watch (2)

Dates

Created:

09/Mar/08 8:57 PM

Updated:

09/May/13 10:24 PM

Resolved:

09/May/13 10:24 PM

Last Reviewed:

01/Jan/10

Agile

View on Board