struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Wintenberger <bruno.wintenber...@gmail.com>
Subject Re: printing mathematical special characters
Date Thu, 30 Jul 2015 08:51:07 GMT
Hello Yaragalla,
you should now that disabling the default escaping can lead to serious
security issues (mainly XSS :
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29).

2015-07-30 10:49 GMT+02:00 Yaragalla Muralidhar <yaragallamurali@gmail.com>:

> Ok Christoph. Thanks for your response. I found that struts is doing it.
> <s:property value="name" escape="false" /> helped me to an extent.
>
> *Thanks and Regards,*
> Muralidhar Yaragalla.
>
> *http://yaragalla.blogspot.in/ <http://yaragalla.blogspot.in/>*
>
> On Thu, Jul 30, 2015 at 2:01 PM, Yaragalla Muralidhar <
> yaragallamurali@gmail.com> wrote:
>
> >
> >
> > I have mathematical symbols e.g. *alfa*, *beta*,*mu* . When I copy these
> > symbols in text area they are getting copied. I am copying them from word
> > document. When I insert them into the database using prepared statement
> the
> > symbols are getting inserted as code. for example the *alfa* is getting
> > stored as&#946;. This is fine I guess. But when I retrieve them from the
> > database using java.sq.Statement and displaying them in the html page
> they
> > are getting displayed as code instead of symbol. I mean "&#946;" is
> > displayed in html instead displaying alfa symbol. So how to deal with
> this
> > situation? how can I store symbols and display them properly in html?
> >
> > I am using mysql database, java1.7,struts2.0 and tomcat7.
> > *Thanks and Regards,*
> > Muralidhar Yaragalla.
> >
> > *http://yaragalla.blogspot.in/ <http://yaragalla.blogspot.in/>*
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message