Spring Thymeleaf 3.1 post processor

I have an issue related to Thymeleaf 3.1,
org.thymeleaf.standard.processor.StandardTextTagProcessor#produceEscapedOutput method performs XmlEscape.escapeXml10 on th:text in case of XML template.
I do not want it to be escaped, I know there is an option to use th:utext for unescaped text but I have too many templates scattered over places to find and fix them all.
My idea was to use the IPostProcessorDialect to unescape the text after the processor has performed the escape, but I can not find a good example of how to achieve this.
So far this is what I have done.
Implemented IPostProcessorDialect, implemented a custom IPostProcessor to be returned by IPostProcessorDialect,getPostProcessors() extended AbstractTemplateHandler and overridden the handleText method, this is the dead end for me. Can you suggest how to handle this.

Introduction

You are definitly on the right track to do what you want. Do note that generally it is a bad idea to use raw, unescaped text in an XML document, especially if the content that is injected into the XML is user controlled. You may risk Entity injection, XSS and other XML related vulnerabilities, in addition to a potential broken XML.

With that out of the way, let me try to give an answer on what your next steps could be, hopefully this is not too late.

Implementing and wiring up the post-processor

As you have figured out, Thymeleaf has support for post-processors. These are visitors to an XML that you can implement.

Actual post-processor

This is implemented by creating an implementation of ITemplateHandler, the easiest way is to extend AbstractTemplateHandler.

This is an example for my postprocessor that simply takes all text in all XML nodes, and unescapes. Should obviously be retrofitted to your needs, based on e.g. node name etc.
The TemplateHandler will be unique pr XML processing, so you can store instance variables to know where you are and to keep state.
Here I have overriden the handleText method, retrieve the actual text, unescape it, then I create a new IText node (since the nodes coming in as parameters are immutable) with the aid of the modelfactory that is configured for thymeleaf, and send the new node to the standard handler in AbstractTemplateHandler.

import org.thymeleaf.engine.AbstractTemplateHandler;
import org.thymeleaf.engine.ITemplateHandler;
import org.thymeleaf.model.IText;
import org.unbescape.xml.XmlEscape;

public class XmlTemplateHandler extends AbstractTemplateHandler implements ITemplateHandler {
    @Override
    public void handleText(IText textNode) {
        
String text = textNode.getText();
        String unescaped = XmlEscape.unescapeXml(text);
        IText newNode = getContext().getModelFactory().createText(unescaped);
        super.handleText(newNode);
    }
}

Wiring up the post-processor

To make thymeleaf aware of the post-processor, you need to wire it up. This is done by implementing a IPostProcessorDialect, that will return a list of postprocessors that thymeleaf should apply for XML post-processing. Below is my crude example of such a postprocessordialect.

import org.springframework.stereotype.Component;
import org.thymeleaf.dialect.AbstractDialect;
import org.thymeleaf.dialect.IPostProcessorDialect;
import org.thymeleaf.postprocessor.IPostProcessor;
import org.thymeleaf.postprocessor.PostProcessor;
import org.thymeleaf.templatemode.TemplateMode;
import java.util.Set;

@Component
public class XmlPostProcessorDialect extends AbstractDialect implements IPostProcessorDialect {
    protected XmlPostProcessorDialect() {
        super("xmlPostProcessor");
    }

    @Override
    public int getDialectPostProcessorPrecedence() {
        return 0;
    }

    @Override
    public Set<IPostProcessor> getPostProcessors() {
        return Set.of(new PostProcessor(TemplateMode.XML, XmlTemplateHandler.class, 0));
    }
}

Now, you need to make sure Thymeleaf is aware of this dialect. If you use spring boot with spring-boot-starter-thymeleaf you will get this wiring done automatically by spring boot autoconfiguration. You can see this in the sourcecode for org.springframework.boot.autoconfigure.thymeleaf.TemplateEngineConfigurations, the line actually wiring up all the dialects is dialects.orderedStream().forEach(engine::addDialect);

@Bean
		@ConditionalOnMissingBean(ISpringTemplateEngine.class)
		SpringTemplateEngine templateEngine(ThymeleafProperties properties,
				ObjectProvider<ITemplateResolver> templateResolvers, ObjectProvider<IDialect> dialects) {
			SpringTemplateEngine engine = new SpringTemplateEngine();
			engine.setEnableSpringELCompiler(properties.isEnableSpringElCompiler());
			engine.setRenderHiddenMarkersBeforeCheckboxes(properties.isRenderHiddenMarkersBeforeCheckboxes());
			templateResolvers.orderedStream().forEach(engine::addTemplateResolver);
			dialects.orderedStream().forEach(engine::addDialect);
			return engine;
		}

Gotchas

This bean is only started up if you do not implement/defined your own ISpringTemplateEngine and that ThymeleafAutoConfiguration as been activated.

If you do not use Spring Boot Autoconfiguration, you need to wire up the dialects yourself in the place where you initiate the template engine, using the same pattern as ThymeleafAutoConfiguration with dialects.orderedStream().forEach(engine::addDialect);.

Code samples

For a gradle based Spring Boot application using thymeleaf starter, implementing your wanted functionality, take a look at https://github.com/fjank/thleaf

Final remarks

Of course, if you have any questions regarding this, I will do my best to assist you figuring out the answers. Thymeleaf is a good framework, and fits quite nice together with Spring Boot, but they are enormous, complex beasts, and it can sometimes be quite confusing how things are hooked together.