You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/08/31 07:45:35 UTC

[jira] Resolved: (STR-3092) ErrorsTag should filter arguments for html display

     [ https://issues.apache.org/struts/browse/STR-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict resolved STR-3092.
--------------------------------

    Resolution: Won't Fix

I am marking this as WONTFIX because the support already exists in MessageTag. I recomend users switch to that tag instead.

> ErrorsTag should filter arguments for html display
> --------------------------------------------------
>
>                 Key: STR-3092
>                 URL: https://issues.apache.org/struts/browse/STR-3092
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Taglibs
>    Affects Versions: 1.1.1
>            Reporter: Juan Duran
>            Assignee: Paul Benedict
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> Unlike bean:write,  html:errors doesn't filter for html the arguments that may go along the message.
> In my opinion, those arguments should be filtered for html by default as this is the purpose of the ErrorsTag (to display in html).
> Sometimes we may want to include the user input in the error message after some validation.  For example, say I want to validate that a nameserver is a valid registered nameserver.  I would take the user input , run the validation service and would like my error message to be declared in the resources file as:
> error.invalid.dns={0} is not a registered nameserver
> if the user wants to screw my display, then he may enter something like "seehowthislooks<hr>"  The html element doesn't get filtered out.
> I believe ErrorsTag should make use of    TagUtils.filter(value) in the doStartTag method (which is used by org.apache.struts.taglib.bean.WriteTag).  that would take care of this issue.
> workaround
> ----------------
> Of course, we could do the filter before creating the error (ActionMessage),  but it would be nice to have this feature just as it happens with bean:write
> Thanks!

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.