You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/06/30 05:43:26 UTC
[jira] Resolved: (STR-1922) Add message parameter XML-escaping to
[ https://issues.apache.org/struts/browse/STR-1922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Benedict resolved STR-1922.
--------------------------------
Resolution: Fixed
Assignee: Paul Benedict
> Add message parameter XML-escaping to <html:messages>
> -----------------------------------------------------
>
> Key: STR-1922
> URL: https://issues.apache.org/struts/browse/STR-1922
> Project: Struts 1
> Issue Type: Improvement
> Components: Taglibs
> Affects Versions: Nightly Build
> Environment: Operating System: All
> Platform: All
> Reporter: Roberto Tyley
> Assignee: Paul Benedict
> Priority: Minor
> Fix For: 1.4.0
>
> Attachments: HtmlMessagesTag-MessageParameterFiltering.1.2.0.txt, HtmlMessagesTag-MessageParameterFiltering.txt
>
>
> This is small enhancement to the <html:messages> tag, adding a boolean attribute
> which enables the XML-escaping of message parameters, while leaving the text of
> the message pattern itself intact.
> This can be useful if you have markup in your message patterns which you would
> like to keep, but want to filter the parameters going into them, e.g. if they
> reflect user input:
>
> errors.divideZero=The mathematical expression <strong>{0}</strong> caused a
> divide by zero.
> Currently, you can escape XML using <bean:write name="error" filter="true"/>,
> but this would filter the helpful <strong> tag also. The proposed new feature
> would allow for sensible use of html tags in message properties, while still
> protecting against abnormal user input.
> I've implemented this feature in patch against nightly build
> 'jakarta-struts-20040113' and will attach the patch shortly.
> best regards,
> Roberto
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.