javascript grails gsp

Grails View Codec Not Working (2.4)


I'm trying to put a string in my gsp that contains an ampersand, but I need the ampersand as-is, not the html-ized version because it gets injected into some javascript. Here is what I've tried...

  1. The grails docs say that the default value for grails.views.default.codec is "none". That's wrong. It is "html".
  2. I can supposedly get grails to not escape strings by using jsp-style tags, i.e.: <%=mySafeHTMLString%> Nope.
  3. I can supposedly get grails to not use the default codec per page by using <%@page defaultCodec="none" %> Nope again.

In short, the grails docs seem to be wrong to start with and then the functionality seems to be broken on top of it all. Is there something else I can try here?

I'm using grails 2.4.


Solution

  • Since Grails 2.3 all ${} expression output is automatically escaped on GSPs. This is very useful, because user input is now escaped and any HTML or JavaScript in the input value is escaped and not interpreted by the browser as HTML or JavaScript. This is done so our Grails application is protected from Cross Site Scripting (XSS) attacks.

    However, you can always use raw() or encodeAsRaw() if you need the raw value. Such as:

    raw(somethingFromModel)
    somethingFromModel.encodeAsRaw()
    <g:encodeAs codec="None">${somethingFromModel}</g:encodeAs>
    

    Also, you can control the default encoding type (as always) for GSPs from within Config.groovy

    grails.views.default.codec = "none" // this will emulate pre-2.3 behavior
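
The trade-off discussed above, as an added example that is not part of the original question or answer: it compares what a script block ends up holding when a value is written into a JavaScript string literal with an HTML codec, with no codec (as `raw()` or codec "none" would), and with a JavaScript-string codec. The functions `htmlEncode`, `jsStringEncode`, `renderAssignment`, `scriptBodySeenByBrowser` and `valueSeenByScript` and both sample values are hypothetical and constructed for illustration; they are not Grails' implementations.

```javascript
// Added illustration, not code from the question or the answer.
// htmlEncode and jsStringEncode are hypothetical stand-ins for an HTML codec
// and a JavaScript-string codec; they are not Grails' implementations.

function htmlEncode(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Escape every character that can end the string literal, end the <script>
// element, or start an HTML comment, using \uXXXX so the value round-trips.
function jsStringEncode(s) {
  return s.replace(/[\\"'<>&\u2028\u2029\r\n]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Render the line a template would emit inside <script> ... </script>.
function renderAssignment(value, codec) {
  return 'var target = "' + codec(value) + '";';
}

// What the JavaScript engine receives: the HTML parser ends the script element
// at the first "</script", and script content is not entity-decoded.
function scriptBodySeenByBrowser(line) {
  const end = line.toLowerCase().indexOf('</script');
  return end === -1 ? line : line.slice(0, end);
}

// Evaluate the emitted line and return the string the page's JS would hold,
// or null if the line no longer parses.
function valueSeenByScript(line) {
  try {
    return new Function(scriptBodySeenByBrowser(line) + ' return target;')();
  } catch (e) {
    return null;
  }
}

const identity = s => s;                        // models raw() / codec "none"
const benign = '/search?a=1&b=2';               // constructed sample value
const hostile = 'x";</script><b>injected</b>';  // constructed sample value
```

Only the JavaScript-string encoding hands the script the original value in both cases. Grails provides a JavaScript codec (`encodeAsJavaScript()`) for this output context.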