You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/08/31 07:45:35 UTC
[jira] Resolved: (STR-3092) ErrorsTag should filter arguments for
html display
[ https://issues.apache.org/struts/browse/STR-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Benedict resolved STR-3092.
--------------------------------
Resolution: Won't Fix
I am marking this as WONTFIX because the support already exists in MessageTag. I recomend users switch to that tag instead.
> ErrorsTag should filter arguments for html display
> --------------------------------------------------
>
> Key: STR-3092
> URL: https://issues.apache.org/struts/browse/STR-3092
> Project: Struts 1
> Issue Type: Improvement
> Components: Taglibs
> Affects Versions: 1.1.1
> Reporter: Juan Duran
> Assignee: Paul Benedict
> Priority: Minor
> Fix For: 1.4.0
>
>
> Unlike bean:write, html:errors doesn't filter for html the arguments that may go along the message.
> In my opinion, those arguments should be filtered for html by default as this is the purpose of the ErrorsTag (to display in html).
> Sometimes we may want to include the user input in the error message after some validation. For example, say I want to validate that a nameserver is a valid registered nameserver. I would take the user input , run the validation service and would like my error message to be declared in the resources file as:
> error.invalid.dns={0} is not a registered nameserver
> if the user wants to screw my display, then he may enter something like "seehowthislooks<hr>" The html element doesn't get filtered out.
> I believe ErrorsTag should make use of TagUtils.filter(value) in the doStartTag method (which is used by org.apache.struts.taglib.bean.WriteTag). that would take care of this issue.
> workaround
> ----------------
> Of course, we could do the filter before creating the error (ActionMessage), but it would be nice to have this feature just as it happens with bean:write
> Thanks!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.