You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by "Hehl, Thomas" <Th...@acs-inc.com> on 2006/12/05 16:05:28 UTC

Filter problem

OK, I've collided with struts over an issue and would like to know if people
have suggestions on how to solve.

I am reading stuff from an XML file and building parts of my UI from for use
in a JSP. I thought it would be good for some of them to have HTML markup in
them, so I put &lt;, etc in the html file. It goes all the way to struts as
"<" and then struts converts it at the last second so that what gets
displayed is <B>.:(

So how do I stop struts from doing this? So far, I dunno. Here's the code
that causes the problem in ResourceUtils(1.3.5):


    /**
     * Filter the specified string for characters that are senstive to HTML
     * interpreters, returning the string with these characters replaced by
     * the corresponding character entities.
     *
     * @param value The string to be filtered and returned
     */
    public static String filter(String value) {
        if ((value == null) || (value.length() == 0)) {
            return value;
        }

        StringBuffer result = null;
        String filtered = null;

        for (int i = 0; i < value.length(); i++) {
            filtered = null;

            switch (value.charAt(i)) {
            case '<':
                filtered = "&lt;";

                break;

            case '>':
                filtered = "&gt;";

                break;

            case '&':
                filtered = "&amp;";

                break;

            case '"':
                filtered = "&quot;";

                break;

            case '\'':
                filtered = "&#39;";

                break;
            }

            if (result == null) {
                if (filtered != null) {
                    result = new StringBuffer(value.length() + 50);

                    if (i > 0) {
                        result.append(value.substring(0, i));
                    }

                    result.append(filtered);
                }
            } else {
                if (filtered == null) {
                    result.append(value.charAt(i));
                } else {
                    result.append(filtered);
                }
            }
        }

        return (result == null) ? value : result.toString();
    }

I think it is uncharitable for struts to change these with no option to
prevent it. I am thinking about adding &open; and &close; and resolving them
here to turn them back into < and > respectively. Any other ideas, comments,
suggestions?

Thanks.

Re: Filter problem

Posted by Martin Gainty <mg...@hotmail.com>.

Hi Thomas-
Perhaps an implementation where you register your own <pre-result> listener (example located at)
http://struts.apache.org/2.x/docs/can-we-access-an-actions-result.html

Anyone else?
M-
This e-mail communication and any attachments may contain confidential and privileged information for the use of the 
designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received
this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents
----- Original Message ----- 
From: "Hehl, Thomas" <Th...@acs-inc.com>
To: <us...@struts.apache.org>
Sent: Tuesday, December 05, 2006 10:05 AM
Subject: Filter problem


> OK, I've collided with struts over an issue and would like to know if people
> have suggestions on how to solve.
> 
> I am reading stuff from an XML file and building parts of my UI from for use
> in a JSP. I thought it would be good for some of them to have HTML markup in
> them, so I put &lt;, etc in the html file. It goes all the way to struts as
> "<" and then struts converts it at the last second so that what gets
> displayed is <B>.:(
> 
> So how do I stop struts from doing this? So far, I dunno. Here's the code
> that causes the problem in ResourceUtils(1.3.5):
> 
> 
>    /**
>     * Filter the specified string for characters that are senstive to HTML
>     * interpreters, returning the string with these characters replaced by
>     * the corresponding character entities.
>     *
>     * @param value The string to be filtered and returned
>     */
>    public static String filter(String value) {
>        if ((value == null) || (value.length() == 0)) {
>            return value;
>        }
> 
>        StringBuffer result = null;
>        String filtered = null;
> 
>        for (int i = 0; i < value.length(); i++) {
>            filtered = null;
> 
>            switch (value.charAt(i)) {
>            case '<':
>                filtered = "&lt;";
> 
>                break;
> 
>            case '>':
>                filtered = "&gt;";
> 
>                break;
> 
>            case '&':
>                filtered = "&amp;";
> 
>                break;
> 
>            case '"':
>                filtered = "&quot;";
> 
>                break;
> 
>            case '\'':
>                filtered = "&#39;";
> 
>                break;
>            }
> 
>            if (result == null) {
>                if (filtered != null) {
>                    result = new StringBuffer(value.length() + 50);
> 
>                    if (i > 0) {
>                        result.append(value.substring(0, i));
>                    }
> 
>                    result.append(filtered);
>                }
>            } else {
>                if (filtered == null) {
>                    result.append(value.charAt(i));
>                } else {
>                    result.append(filtered);
>                }
>            }
>        }
> 
>        return (result == null) ? value : result.toString();
>    }
> 
> I think it is uncharitable for struts to change these with no option to
> prevent it. I am thinking about adding &open; and &close; and resolving them
> here to turn them back into < and > respectively. Any other ideas, comments,
> suggestions?
> 
> Thanks.
> 
> 
>