Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/06/30 05:43:26 UTC

[jira] Resolved: (STR-1922) Add message parameter XML-escaping to <html:messages>

     [ https://issues.apache.org/struts/browse/STR-1922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict resolved STR-1922.
--------------------------------

    Resolution: Fixed
      Assignee: Paul Benedict

> Add message parameter XML-escaping to <html:messages>
> -----------------------------------------------------
>
>                 Key: STR-1922
>                 URL: https://issues.apache.org/struts/browse/STR-1922
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Taglibs
>    Affects Versions: Nightly Build
>         Environment: Operating System: All
> Platform: All
>            Reporter: Roberto Tyley
>            Assignee: Paul Benedict
>            Priority: Minor
>             Fix For: 1.4.0
>
>         Attachments: HtmlMessagesTag-MessageParameterFiltering.1.2.0.txt, HtmlMessagesTag-MessageParameterFiltering.txt
>
>
> This is a small enhancement to the <html:messages> tag, adding a boolean attribute
> which enables the XML-escaping of message parameters, while leaving the text of
> the message pattern itself intact. 
> This can be useful if you have markup in your message patterns which you would
> like to keep, but want to filter the parameters going into them, e.g. if they
> reflect user input:
>                   
> errors.divideZero=The mathematical expression <strong>{0}</strong> caused a
> divide by zero.
> Currently, you can escape XML using <bean:write name="error" filter="true"/>,
> but this would filter the helpful <strong> tag also. The proposed new feature
> would allow for sensible use of html tags in message properties, while still
> protecting against abnormal user input.
> I've implemented this feature in a patch against nightly build
> 'jakarta-struts-20040113' and will attach the patch shortly.
> best regards,
> Roberto

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.