Posted to user@velocity.apache.org by lloyd <su...@twilight-systems.com> on 2002/05/08 22:21:37 UTC

escaping special characters in html?

how are you folks escaping special characters in html?

if i have the following in a velocity template:

   <input type="text" name="name" value="$item.name" />

if item.name is '"Financial Dominator" Vanity Account', when it gets
rendered it looks like this:

   <input type="text" 
   name="name" 
   value=""Financial Dominator" Vanity Account" />

you can see the resulting double quotes will damage the html.

is there an existing HtmlString class or something similar that behaves
like a String but performs conversions on the fly?

or a better solution?


thanks


RE: escaping special characters in html?

Posted by "Charles N. Harvey III" <ch...@alloy.com>.
Or change your html.  If you want a value to have " in it then you
must change the <input> tag to read with ' instead of ".

As in:

	<input type='text' name='name' value='$item.name' />

The only place you will have a problem with this might be some xsl
where it must be valid and have " instead of '.  But this will work
and solve your double quote problem.  And it seems a pretty easy
solution to me.

Charlie



Re: escaping special characters in html?

Posted by James Rozee <ro...@gdse.com>.
I remove the quotes before I place items into the context.  The other
option could be to convert it to single quotes with the String.replace()
method.

Jamie

*********************************************************
The Game Development Search Engine
and DQuest E-zine
http://www.gdse.com/

A Member of the Future Games Network
http://www.fgn.com/




RE: escaping special characters in html?

Posted by Bill Boland <bo...@attbi.com>.
Good point. I hadn't gotten that far in my Velocity knowledge.

If you want to do the escaping on every reference, this would be the way
to go. On the other hand, if the escaping was only needed in certain
contexts or would be problematic if it was global then the tool route
might be best. It's probably a matter of the work and readability of the
template to include the escaping or modifying the
ReferenceInsertionEventHandler code to determine when to exclude the
global escaping based on reference names.

Example: if the toString() of any reference contains HTML to be inserted
into the stream (news items from a database or news feed that are
already formatted in HTML ... not that they should be, but sometimes we
do not get to choose these things).
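
Added example, not part of the original thread and not Velocity's own code: the "escape globally, exclude by reference name" trade-off described above, written as a stand-alone class. The callback shape `referenceInsert(String reference, Object value)`, the assumption that the reference arrives as written in the template, and the reference name `$news.body` are assumptions made for illustration.

```java
import java.util.Set;

/**
 * Added example (not from the thread): escape every inserted reference by
 * default, with an explicit allow-list of references that already hold HTML.
 * The callback shape and all reference names are assumptions.
 */
public class EscapeOnInsert {

    // Hypothetical references whose values are trusted, pre-formatted HTML.
    private final Set<String> rawHtmlRefs;

    public EscapeOnInsert(Set<String> rawHtmlRefs) {
        this.rawHtmlRefs = rawHtmlRefs;
    }

    /** Normalise "${news.body}" and "$!news.body" to "$news.body". */
    static String canonical(String reference) {
        return reference.replace("{", "").replace("}", "").replace("$!", "$");
    }

    /** Same five characters as toHTMLString(); '&' must be replaced first. */
    static String escapeHtml(String in) {
        return in.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                 .replace("\"", "&#34;").replace("'", "&#39;");
    }

    /** Called once per reference just before its value is written out. */
    public Object referenceInsert(String reference, Object value) {
        if (value == null) {
            return null;                       // nothing to escape
        }
        if (rawHtmlRefs.contains(canonical(reference))) {
            return value;                      // opted out: inserted verbatim
        }
        return escapeHtml(value.toString());   // default: always escaped
    }

    public static void main(String[] args) {
        EscapeOnInsert handler = new EscapeOnInsert(Set.of("$news.body"));

        // Constructed sample values.
        String name = "\"Financial Dominator\" Vanity Account";
        String body = "<p>Rates <b>up</b> today</p>";

        // Escaped: not on the allow-list.
        System.out.println(handler.referenceInsert("$item.name", name));
        // Verbatim: allow-listed, formal notation normalised first.
        System.out.println(handler.referenceInsert("${news.body}", body));
        // Escaped: same HTML under a reference that was never opted out.
        System.out.println(handler.referenceInsert("$news.title", body));
    }
}
```

Keeping the opt-out list short and tied to exact reference names means a newly added template reference is escaped unless someone deliberately exempts it.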




RE: escaping special characters in html?

Posted by David Esposito <es...@newnetco.com>.
just off the cuff here, can't you use the ReferenceInsertionEventHandler to
have it do the escaping before it goes out to the stream? ... that way you
can have this functionality be 'global' for the template merge rather than
needing to use the tool explicitly for each insertion ...

like i said, that's just a suggestion, i've never tried it personally .. ;)

-dave



RE: escaping special characters in html?

Posted by Stephen Riek <st...@yahoo.co.uk>.
Nice, though you'll probably wish to extend that to the full range of HTML characters.
http://www.rgagnon.com/javadetails/java-0306.html
Is such a feature something that should be included in Velocity or is it not strictly MVC View?
The other alternative was, as somebody said, to do all escaping in your objects and values
before you send them to the context.  I can't help but feel that that is not logically correct since
you could be sending the output to several devices, not necessarily a web browser. I personally
believe this is more "View" than anything else.
The other suggestion to use ' instead of " is restrictive. It's just as likely that your value that
you wish to include within the value="" or value='' includes both " and '.  Replacing " with ' as
somebody else suggested is also not a great fix because often you really do want " and ' will
not suffice.
Bill's solution below is the best I've seen to date.
Stephen Riek.
 

RE: escaping special characters in html?

Posted by Bill Boland <bo...@attbi.com>.
Here are two small methods you can place in a tool in your context to
make strings a bit safer. One can also convert new-lines in text to some
other string if you want (example: if you're placing the text into a
paragraph in the HTML). Then you could do the following:

   <input type="text" name="name" 
		value="$util.toHTMLString( $item.name )" />



    /**
     * Returns the specified string converted to a format suitable for
     * HTML. All single-quote, double-quote, greater-than, less-than and
     * ampersand characters are replaced with their corresponding HTML
     * character code.
     * @param in the String to convert
     * @param nlReplace the String to replace newlines.
     *   For example, "<BR>". If null, no replacement is done.
     * @return the converted String
     */
    public String toHTMLString(String in, String nlReplace)
    {
        StringBuffer out = new StringBuffer();
        for (int i = 0; in != null && i < in.length(); i++) {
            char c = in.charAt(i);
            if (c == '\'') {
                out.append("&#39;");
            }
            else if (c == '\"') {
                out.append("&#34;");
            }
            else if (c == '<') {
                out.append("&lt;");
            }
            else if (c == '>') {
                out.append("&gt;");
            }
            else if (c == '&') {
                out.append("&amp;");
            }
            else if (c == '\n' && nlReplace != null) {
                out.append( nlReplace );
            }
            else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public String toHTMLString(String in)
    {
        return toHTMLString( in , null );
    }
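
Added example, not part of the original thread: the approaches proposed in this thread (inserting the value as-is, switching the attribute to single quotes, removing or replacing the double quotes, and entity-escaping) are each rendered into `value=...` and read back to see whether the original string survives. The class, its method names and the second sample value are constructed for illustration.

```java
/**
 * Added example (not from the thread): render value="..." with each approach
 * proposed in the thread, read the attribute back, and report whether the
 * original string survives the round trip.
 */
public class AttributeRoundTrip {

    static String escapeHtml(String s) {          // '&' first, then the rest
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&#34;").replace("'", "&#39;");
    }

    static String unescapeHtml(String s) {        // '&amp;' last
        return s.replace("&#39;", "'").replace("&#34;", "\"")
                .replace("&gt;", ">").replace("&lt;", "<").replace("&amp;", "&");
    }

    /** Minimal reader: the value runs from the opening quote to the next same quote. */
    static String readValue(String tag) {
        int start = tag.indexOf("value=") + "value=".length();
        char quote = tag.charAt(start);
        int end = tag.indexOf(quote, start + 1);
        return unescapeHtml(tag.substring(start + 1, end));
    }

    static boolean survives(String tag, String original) {
        return original.equals(readValue(tag));
    }

    static void report(String label, String tag, String original) {
        System.out.printf("  %-20s %-5s %s%n", label, survives(tag, original), tag);
    }

    public static void main(String[] args) {
        // Sample values: the one from the thread, then a constructed one
        // that contains both kinds of quote.
        String[] samples = { "\"Financial Dominator\" Vanity Account",
                             "Dave's 19\" monitor" };

        for (String v : samples) {
            System.out.println("value: " + v);
            // Original template: inserted as-is inside double quotes.
            report("raw, double-quoted", "<input value=\"" + v + "\" />", v);
            // Attribute delimiter switched to single quotes.
            report("raw, single-quoted", "<input value='" + v + "' />", v);
            // Double quotes removed before rendering.
            report("quotes removed",
                   "<input value=\"" + v.replace("\"", "") + "\" />", v);
            // Double quotes replaced with single quotes.
            report("\" replaced by '",
                   "<input value=\"" + v.replace("\"", "'") + "\" />", v);
            // Entity-escaped, as toHTMLString() does.
            report("entity-escaped",
                   "<input value=\"" + escapeHtml(v) + "\" />", v);
        }
    }
}
```

Only the entity-escaped rendering preserves both sample values; the single-quoted attribute preserves the first but truncates the second at its apostrophe.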

