It always bothered me that the JSR168 <portlet:actionURL /> and <portlet:renderURL /> tags didn’t encode their HTML character entities. The lack of encoding causes your HTML 4 or XHTML 1 markup to fail automated validation. After flipping through a bit more of the JSR286 spec, it mentions that in JSR168 “the behavior in regards to XML escaping URLs written by the tag library was undefined” 1. So, some vendors may have encoded and some may not have (as of 2.7 JBoss Portal, for example, does not).
Well, it turns out that the JSR286 expert group noticed that and accounted for it. Section 10.4.1 defines a new container runtime option: javax.portlet.escapeXml. The option causes portlet URLs to be escaped and is true by default. This is primarily for backwards compatibility so that older portlets that dependended on unencoded URLs will work on a portlet 2.0 container.
This option and its default value should make validating your portal UI markup much easier, though it might cause one minor annoyance. Because your portlet URLs will now be encoded, you can’t trigger them directly using javascript.
For example, you wouldn’t want to call the following:
<script type="language/javascript">
var url = '<portlet:renderURL><portlet:param name="id" value="5" /></portlet:renderURL>';
window.location = url;
</script>
Because the URL above would be encoded, your ‘id’ parameter wouldn’t be passed along properly.
To avoid this, you’d want to decode the URL before accessing in through javascript. We use ExtJS on my current project, which offers a handy method for doing just that:
It’s always nice to see this kind of improvement in the spec; hope this is helpful for you!
From http://www.andypemberton.com/portal/jsr286-tag-library-and-xml-escaping/
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}