If I leave grails.views.default.code='none' in the grails Config.groovy, it's up to me to HTML encode my expressions explicitly in the GSP files: ${myValue?.encodeAsHTML()}.
If I set grails.views.default.codec='html" in the Config.groovy, then the HTML encoding happens automatically for every expression: ${myValue}.
My question: If I set the default to 'html', how do I get back to 'none' for one expression when I don't want the HTML encoding behavior?
I may have a solution. I'm not sure how accepted it is, though.
I can set the default codec for expressions to HTML, but then use <%=myValue%> notation in GSP instead of ${} expressions to get the unescaped values onto the page.
From GRAILS-1827, it looks like you can override the default codec for a specific page with
<%@ defaultCodec="HTML" %>
or
<%@page defaultCodec="HTML" %>
in some versions (see the referenced issue).
To summarize the various levels at which the codec can be applied:
Set Config.groovy's grails.views.default.codec='html' to get HTML escaping by default on all ${expressions} in the application.
Then when you want to default a whole page back to none, use the directive:
<%@page defaultCodec="none" %>
or
<%@ defaultCodec="none" %>
To disable HTML encoding for one expression in a page that is otherwise defaulting to HTML, use <%=expression%> notation instead of ${...}.