You might try wrapping the script in a CDATA before trying to escape the JS.
<![CDATA[
<script>
</script>
]]>
-------------- Original message ----------------------
From: Jeff Tsay <
jctsay@...>
> Hi,
>
> I'm trying to use Shale validator with xulfaces. (XUL is a user
> interface language that is a type of XML) The first problem I'm having
> is that
>
> <val:validatorScript functionName="validateForm"/>
> is encoded as follows:
>
> <script type="text/javascript" language="Javascript1.1">
> function _required() {
> this[0] = new Array("j_id_id32", "null is required.", new Function("x", "return
> {}[x];"));
> }
> var bCancel = false;
> function validateForm(form) {
> var bValid = true;
> var sFormName = jcv_retrieveFormName(form);
> if ((bValid && !bCancel && ("" == sFormName))) {
> bValid = (validateRequired(form));
>
> }
> return bValid;
> }
>
> ...
>
>
> Note the &&. When I load this page in Firefox, it complains that && is
> not valid XML, which it is not. It should be escaped to &&. I
> guess because HTML browsers allow special characters like & in side
> <script> tags, this problem wasn't caught previously. I guess if the
> script appeared in an XHTML document, and a browser was strict, this
> problem could show up too.
>
> So I was trying to fix this problem and looking at
> org.apache.shale.validator.faces.ValidatorScript.writeValidationFunctions().
> It looks like the script text is written here with
> ResponseWriter.write(). The problem is ResponseWrite.write() doesn't
> escape the characters as ResponseWriter.writeText() does. However,
> writeText() won't work since it closes any open tags (in this case
> <script>). So we need to escape ourselves. The trouble is, how do we
> know how to escape the characters? I was thinking of using
> org.apache.commons.lang.StringEscapeUtils.escapeXml() and escapeHtml(),
> but how can we determine what the content type we are outputting is? If
> we knew, I guess we could then create a WrappedResponseWriter that
> overloads write(String) ...
>
> Thanks,
>
> Jeff
