You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mufaddal Khumri <mu...@wmotion.com> on 2003/08/01 05:54:51 UTC
Suggestions ?
> Yes, thats a helpful function ... I was looking at :
> http://jakarta.apache.org/taglibs/doc/string-doc/string-1.0.1/
> index.html
> to see if i can find a good tag library to use ... havent found one
> that i could use yet. Am hoping that someone on the list has pointers
> to some standard function or taglib.
>
> Thanks.
>
> On Friday, August 1, 2003, at 02:57 AM, Steph Richardson wrote:
>
>> I assume any html type tags that may be included in the text, you
>> would want rendered as visible HTML tags in the browser. So use a
>> HTML encoding method. There doesn't seem to be a JRE standard for
>> this, so something like this will do it :
>>
>> public static String HTMLEncode( String unenc )
>> {
>> final String[] tokens = new String[] {"<", ">", "\"", "'"};
>> final String[] replacement = new String[] {"<", ">",
>> """, "'"};
>>
>> StringBuffer sb = new StringBuffer(unenc);
>> for(int i = 0; i<tokens.length; i++)
>> {
>> int idx = 0;
>> while((idx = sb.indexOf(tokens[i], idx)) != -1)
>> sb.replace(idx, idx + tokens[i].length(), replacement[i]);
>> }
>> return sb.toString();
>> }
>>
>>> -----Original Message-----
>>> From: Mufaddal Khumri [mailto:mufaddal@wmotion.com]
>>> Sent: Thursday, July 31, 2003 4:51 AM
>>> To: Tomcat Users List
>>> Subject: Suggestions ?
>>>
>>>
>>> Hi,
>>>
>>> Am using tomcat 4.1.24.
>>>
>>> Have a XYZ.jsp with a form on it take data from the user. Once the
>>> user
>>> clicks submit the data is stored in the database and the data that
>>> the
>>> user entered is shown to him on ABC.jsp.
>>>
>>> The problem is that the user can enter anything in the text field and
>>> text area of the form on XYZ.jsp. For example in the description text
>>> area he or she might enter - text, an http url, maybe html tags etc.
>>> Now when i grab this data from the form and store it to the databse
>>> it
>>> works fine, but when i grab the data from the database and render it
>>> on
>>> ABC.jsp it gets messed up because the html tags in the data interfere
>>> with the html of the page. Is there a way in tomcat escape such
>>> characters or are there java methods that i could use to pass this
>>> string through that would do the escaping for me ?
>>>
>>> Thanks.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org