Grails GSP HTML escaping confusion

30. June 2010 · 6 comments · Categories: Programming, Web/Tech

I'm currently getting to grips with Groovy and Grails. One major frustration that took a while to figure out was HTML escaping in GSP pages. Here's the simple lowdown, including at the end the important bit that I had struggled to realise, which is how to not escape specific strings when global HTML escaping is turned on.

Manual escaping

Out of the box (i.e. with a vanilla Grails app with default config) you need to explicitly escape any dangerous strings with the encodeAsHTML() function that Grails makes available on all Strings: ${dangerString.encodeAsHTML()}. This is a bit verbose, but at least it's very clear, and because it's just a method on String it's available everywhere in your app, not just in GSPs.

Auto-escaping with default codec

If you modify Config.groovy to contain grails.views.default.codec = "html" (which is there by default and set to "none") then it automatically calls encodeAsHTML() for you whenever you use ${} in GSPs. This is clearly quite a handy option and a much safer way of configuring things as it lessens the likelihood of slipping up and leaving a hole in your app.

Overriding auto-escaping per item

So far this is all exactly as per the Grails docs (which go into much more detail on codecs and what's really going on, including creating your own) but the crucial bit they fail to mention is what to do if you've turned on the global html codec, but have situations where you don't want escaping. The answer is to simply use the alternative JSP style interpolation syntax <%=mySafeHTMLString%> since the codec is only applied to ${}.

Overriding auto-escaping per page

You can also set the codec on a per-page basis, overriding that set in Config.groovy, with <%@page defaultCodec="html" %> or <%@page defaultCodec="none" %> as appropriate.

A baby girl!

18. June 2010 · Write a comment · Categories: Me, Sports

I've been quiet of late, due to my wife's pregnancy, and latterly the arrival of a beautiful baby girl – Emily. And that also means my paternity leave coincides nicely with the World Cup finals.

BabyEmilyFutureEnglandCaptain

 

Beer Review: Clausthaler Low Alcohol Lager

01. June 2010 · 3 comments · Categories: Beer, Food and Drink, Me

ClausthalerLowAlcoholLagerBeer

It's been a while – sorry about that. I've been posting very nearly every day on my other site UKNatureBlog so check that out for wildlife including lots from my own garden.

I've also been busy preparing for the imminent arrival of my first child, which is exciting and already life-changing. For instance I've now joined my wife in not drinking alcohol as I may be required to rush her off to hospital at a moment's notice. Hence I have entered the murky world of low alcohol beer! So far we've sampled Becks Blue (zero alcohol), Cobra Zero (zero alcohol) and Clausthaler Classic (< 0.5% alcohol). And I must say that Clausthaler has been a revelation that wins out over the others. It doesn't taste watery and overly bitter (like the Becks) but it's not cloying and overly malty (like the Cobra). In fact it actually tastes like a fairly normal weakish French bottled lager to me, which is a fair feat when it leaves your head clear. I know it's German but it reminds me of Kronenbourg or St Omer in stubbies when camping in France for some reason.

Actually it's truly quite wondrous stuff as you can savour a cold beer or two on a summer's afternoon and not be in the slightest bit muddled or woozy for the rest of the day. It's just refreshing, tasty and beery. I picked it up in Waitrose on a whim, but I now know that it's actually the most popular alcohol-free brand in Europe and I can see why.

I learnt a lot about it from this very good and fact-filled review by a beer-craving pregnant lady, a few notables from which I'll expound upon here. Apparently they brew it in the same manner as other German purity-law beers, but with a special yeast that doesn't generate nearly so much alcohol. This sets it apart from most other low alcohol brews that pass normal strength beer through an osmosis process that knackers the flavour. Clausthaler claim that the small amount of alcohol in their beer is just enough to make it properly 'beery' compared to those with none. Anyway – Clausthaler is thoroughly recommended, though I'm still hoping to find some low-alcohol bitter in the supermarkets. The 30p a can 2% generic value bitter you see in the low-end supermarkets doesn't count as the alcohol content is clearly just the result of penny-pinching.