45

In Grails (<2.3), if I leave `grails.views.default.codec='none'` in the Grails Config.groovy, it's up to me to HTML encode my expressions explicitly in the GSP files: `${myValue?.encodeAsHTML()}`.

If I set `grails.views.default.codec='html'` in the Config.groovy, then the HTML encoding happens automatically for every expression: `${myValue}`.

My question: If I set the default to 'html', how do I get back to 'none' for one expression when I don't want the HTML encoding behavior?

John Flinchbaugh

6 Answers

64

To summarize the various levels at which the codec can be applied:

Set Config.groovy's grails.views.default.codec='html' to get HTML escaping by default on all ${expressions} in the application.

Then when you want to default a whole page back to none, use the directive:

<%@page defaultCodec="none" %>

or

<%@ defaultCodec="none" %>

To disable HTML encoding for one expression in a page that is otherwise defaulting to HTML, use <%=expression%> notation instead of ${...}.

John Flinchbaugh
  • 10
    This solution no longer works. Instead, you will need to use the 'raw' method: `${raw(expression)}` – A.J. Brown Mar 31 '14 at 20:45
  • I'll have to revisit this with new Grails. They probably made it much easier. – John Flinchbaugh May 02 '14 at 15:49
  • 2
    @A.J.Brown Still works if you're still using <2.3 ;) – Charles Wood Aug 21 '14 at 18:47
  • Oops, I thought in Grails 2.4.3 nothing of the above is working but I was wrong. Just do not use "println" in the expression section - this will encode it nevertheless! – Jörg Rech Nov 03 '14 at 15:57
  • @A.J.Brown thanks for `${raw(expr)}`, it's exactly what I was looking for. Any idea on where it's documented? I mean it ***has*** to be documented somewhere, almost a year after it was introduced right? – Tobia Jan 05 '15 at 16:32
  • 1
    @Tobia, it's in the docs (at least the 2.3 docs), but its appearance is very short lived: http://grails.org/doc/2.3.0.M1/guide/security.html – A.J. Brown Jan 08 '15 at 20:39
8

If default encoding level is set to html using

grails.views.default.codec = "html"

then for removing the html encoding for one expression in a page you can use

${raw(expression)}

Himanshu Modi
  • Only available for Grails >= 2.3, see http://mrhaki.blogspot.fr/2013/11/grails-goodness-generating-raw-output.html. The question targets Grails < 2.3. See John Flinchbaugh's answer below. – BenC Dec 14 '17 at 14:48
7

Try using `${raw(myValue)}`; you do not need to declare page codecs, etc.

Kalyan Das
5

From GRAILS-1827, it looks like you can override the default codec for a specific page with

<%@ defaultCodec="HTML" %>

or

<%@page defaultCodec="HTML" %>

in some versions (see the referenced issue).

Jean Barmash
1

I may have a solution. I'm not sure how accepted it is, though.

I can set the default codec for expressions to HTML, but then use <%=myValue%> notation in GSP instead of ${} expressions to get the unescaped values onto the page.

John Flinchbaugh
  • You've said more than this in your other answer. This one doesn't add anything. – cdeszaq Jul 26 '13 at 22:13
  • @cdeszaq Look at the dates. The fuller answer was later. (And they were both from 2009 (and your comment was a year before mine).) :| – Charles Wood Aug 21 '14 at 18:49
  • @CharlesWood My point is that this inferior answer should be deleted. My apologies for not making this more clear. – cdeszaq Aug 22 '14 at 17:08
1

Write your own tag and write the expression direct to the output stream:

```groovy
class YourTagLib {

    static namespace = "x"

    // Writes attrs.value to the output stream as-is, with no HTML encoding
    def unescaped = { attrs, body ->
        out << attrs.value
    }

}
```

Use it in your GSP:

<x:unescaped value="${yourexpression}"/>
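An added review aid, not part of any answer above and not Grails code: once the default codec is `html`, every opt-out mentioned on this page (`defaultCodec="none"`, `<%=...%>`, `${raw(...)}`, a custom tag) is an output site that needs an XSS review, and this Python sketch lists them for one GSP page. The function name, the finding labels and the sample page are constructed for illustration; the `x:unescaped` tag name is the one from the last answer.

```python
import re

# Explicit re-encoding, as in the question's ${myValue?.encodeAsHTML()}.
ENCODED = re.compile(r'\.encodeAsHTML\s*\(\s*\)')
# <%@page defaultCodec="none" %> or <%@ defaultCodec="none" %>
PAGE_NONE = re.compile(r'''<%@[^%]*?\bdefaultCodec\s*=\s*["']none["'][^%]*%>''', re.I)
BYPASSES = [
    ("scriptlet-expr", re.compile(r'<%=(.*?)%>', re.S)),             # <%=expression%>
    ("raw-call", re.compile(r'\$\{\s*raw\s*\((.*?)\)\s*\}', re.S)),  # ${raw(expression)}
    # Tag name taken from the last answer; adjust to your own taglib (assumption).
    ("unescaped-tag", re.compile(r'<x:unescaped\b[^>]*>')),
]
# Any other ${...}; only unencoded when the page codec is "none".
PLAIN_EXPR = re.compile(r'\$\{(?!\s*raw\s*\()(.*?)\}', re.S)


def find_unencoded(gsp_text):
    """Return sorted (line, kind, snippet, explicitly_encoded) tuples for every
    output site that the 'html' default codec does not cover."""
    patterns = [("page-codec-none", PAGE_NONE)] + BYPASSES
    if PAGE_NONE.search(gsp_text):
        # The page opted out as a whole, so plain ${...} is unencoded too.
        patterns.append(("expr-in-none-page", PLAIN_EXPR))
    findings = []
    for kind, rx in patterns:
        for m in rx.finditer(gsp_text):
            line = gsp_text.count("\n", 0, m.start()) + 1
            text = m.group(0)
            findings.append((line, kind, text, bool(ENCODED.search(text))))
    return sorted(findings)


# Constructed sample page (not from the original post).
SAMPLE_GSP = """<html><body>
  <h1>${title}</h1>
  <div><%=bannerHtml%></div>
  <p><%= comment.encodeAsHTML() %></p>
  <div>${raw(article.body)}</div>
  <x:unescaped value="${widgetMarkup}"/>
</body></html>
"""

if __name__ == "__main__":
    for line, kind, text, encoded in find_unencoded(SAMPLE_GSP):
        status = "explicitly encoded" if encoded else "REVIEW"
        print(f"line {line}: {kind:18} {status:18} {text}")
```

Each `REVIEW` line marks a value that reaches the browser without HTML encoding, so it should only carry markup the application produced or sanitized itself.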