struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Evil characters causing mischief in textarea and value attribute contents
Date Thu, 18 Sep 2003 11:37:40 GMT
Hi Andrew,
I thought, man, you don't know that? Hahaha - and then I realised I 
don't know either.

I just checked my app to make sure it's not happening to me too, and 
it's not. I have stuff like ""snowflake"" in the database and it gets 
encoded automatically into

value="a html-busting &quot;character&quot;"

via <html:text>. Presumably <html:textarea> is the same.

If you have <bean:write> you can add filter="true".


Adam

On 09/18/2003 12:36 PM Andrew Hill wrote:
> We have some screens that allow users to edit some stuff stored in the db,
> and some of this stuff includes such characters as " or \ or whatever, and
> also some of them have xml tags as there contents.
> 
> When rendering such fields we are hitting some problems.
> ie: if the value is something like:
> my cats name is "snowflake"
> 
> we end up with:
> <input name="fieldname" value="my cats name is ""snowflake""/>
> 
> ...which of course is not very good.
> 
> Another one is textareas containing </textarea>!
> 
> Whats the technique for handling this nicely?
> Obviously I need to escape these somehow. What do I need to consider?
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
> 
> 

-- 
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message