Home/ Questions/Q 8455623
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T12:19:53+00:00

I need to display some HTML in Grails Error Messages, to mark some content

  • 0

I need to display some HTML in Grails Error Messages, to mark some content for an external System I cannot influence. Its just some simple span tags, with a class=”notranslate” attribute. By default, the HTML will get escaped, so I disabled the codec in the tag, which leads to another problem:

Now everything the User enters will be displayed in the HTML of the Page, which enables easy XSS…
My solution for now is to only disable the HTML Codec for this Page, and use custom error messages, that do not include what the user entered, but that seems rather clumsy to me.

I also saw that there might be the possibility to fiddle around with the MessageSource, but I do not like to change to much in the bowels of Grails. Another Idea I had was to create a custom Filter, that lets only the HTML I approve of through. I also discarded this idea, it felt like I was handling the problem on the wrong abstraction level.

Any Idea how to solve this problem?

TL;DR
I need to wrap variable parts of the error message in tags.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In order not to get an HTML encoded error flash message, one can use the following:

    <g:hasErrors bean="${editingInstance}">
    <div class="errors">
        <g:renderErrors bean="${editingInstance}" codec="none"/>
    </div>
</g:hasErrors>

    The ‘codec’ attribute will be used in ValidationTagLib.groovy:

    Closure renderErrors = { attrs, body ->
    def renderAs = attrs.remove('as')
    if (!renderAs) renderAs = 'list'

    if (renderAs == 'list') {
        def codec = attrs.codec ?: 'HTML'
        if (codec == 'none') codec = ''

        [...]
    }
    [...]
}
    • 0