Posted to dev@struts.apache.org by bu...@apache.org on 2004/01/14 02:06:03 UTC
DO NOT REPLY [Bug 26112] New: - Add message parameter XML-escaping to <html:messages>
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26112
Summary: Add message parameter XML-escaping to <html:messages>
Product: Struts
Version: Nightly Build
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Other
Component: Custom Tags
AssignedTo: struts-dev@jakarta.apache.org
ReportedBy: roberto.tyley@reuters.com
This is a small enhancement to the <html:messages> tag, adding a boolean attribute
which enables the XML-escaping of message parameters, while leaving the text of
the message pattern itself intact.
This can be useful if you have markup in your message patterns which you would
like to keep, but want to filter the parameters going into them, e.g. if they
reflect user input:
errors.divideZero=The mathematical expression <strong>{0}</strong> caused a divide by zero.
Currently, you can escape XML using <bean:write name="error" filter="true"/>,
but this would filter the helpful <strong> tag also. The proposed new feature
would allow for sensible use of html tags in message properties, while still
protecting against abnormal user input.
I've implemented this feature in a patch against nightly build
'jakarta-struts-20040113' and will attach the patch shortly.
best regards,
Roberto