struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurie Harper <>
Subject Re: Clean some characters in request parameters
Date Tue, 15 Apr 2008 19:53:49 GMT
hernan gonzalez wrote:
> Assume I have a lot of html forms with text inputs, and I want to
> palce some restrictions for the set of allowed chars. Sort of a sanity
> check, at the charset level.
> For a concrete example, my storage (db) uses LATIN9 (iso-8859-15), and
> the user sometimes can enter the non-allowed acute-accent (instead of
> the intended-correct apostrophe). In this -and similar cases- I want
> to detect it (replacing it with the "good" character, or throwing an
> error). I wish to do it globally, not field by field... though not for
> the entire application, but for a set of actions.
> I was thinking of an interceptor that operates at the
> HttpServletRequest level, before the ParametersInterceptor is applied
> (I don't care if the http param corresponds to a String property), but
> this does not seem very straightforward , as the HttpServletRequest
> does not allow to manipulate the params.
> Any suggestion or pointer?

There's nothing in Struts that will take care of this directly. Ideally 
your users should be able to enter whatever characters they want; I 
would be looking at how to get the database layer to cooperate, instead 
of imposing arbitrary input restrictions based on the current database 
configuration. That said, here are some ideas to consider that might 
help get this done:

- to simply validate input and reject any that is outside the target 
character set, you could implement a custom validator;

- to transliterate the input (performing character conversions to force 
the input into the target character set), you could implement a custom 

- to apply either strategy to *all* inputs for a particular action or 
set of actions, you would want to use an interceptor. I would guess 
you'd need to call actionInvocation.getActionContext().setParameters() 
with your 'manipulated' request parameter data.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message