Posted to commits@struts.apache.org by pb...@apache.org on 2007/06/30 05:25:15 UTC

svn commit: r552086 - in /struts/struts1/trunk/taglib/src/main: java/org/apache/struts/taglib/html/MessagesTag.java resources/META-INF/tld/struts-html.tld

Author: pbenedict
Date: Fri Jun 29 20:25:13 2007
New Revision: 552086

URL: http://svn.apache.org/viewvc?view=rev&rev=552086
Log:
STR-1922: Add filterArgs parameter

Modified:
    struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
    struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld

Modified: struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java?view=diff&rev=552086&r1=552085&r2=552086
==============================================================================
--- struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java (original)
+++ struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java Fri Jun 29 20:25:13 2007
@@ -103,6 +103,12 @@
      */
     protected String message = null;
 
+    /**
+     * Filter the message replacement values for characters that are 
+     * sensitive in HTML? Default is <code>false</code>.
+     */
+    protected boolean filterArgs = false;
+
     public String getId() {
         return (this.id);
     }
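Review bot: The Javadoc on `filterArgs` is phrased as a question and does not say what the `false` default means for output safety: replacement values are then substituted into the message unescaped. I would word it as `Whether message replacement values are HTML-escaped before being substituted into the message pattern; the pattern itself is never escaped.` followed by `Default is <code>false</code>, so pages that pass user input as replacement values must set it to true.` Keeping the default off preserves existing behaviour, but the comment should make the opt-in explicit.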
@@ -167,6 +173,14 @@
         this.message = message;
     }
 
+    public boolean getFilterArgs() {
+        return (this.filterArgs);
+    }
+
+    public void setFilterArgs(boolean filterArgs) {
+        this.filterArgs = filterArgs;
+    }
+
     /**
      * Construct an iterator for the specified collection, and begin looping
      * through the body once per element.
@@ -256,8 +270,13 @@
         String msg = null;
 
         if (report.isResource()) {
+            Object[] values = report.getValues();
+            if (filterArgs) {
+                values = filterMessageReplacementValues(values);
+            }
+            
             msg = TagUtils.getInstance().message(pageContext, bundle, locale,
-                    report.getKey(), report.getValues());
+                    report.getKey(), values);
 
             if (msg == null) {
                 String bundleName = (bundle == null) ? "default" : bundle;
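Review bot: `filterArgs` is honoured only inside the `report.isResource()` branch, so a message that takes the other branch never passes through `filterMessageReplacementValues`. That branch lies outside this hunk, so I cannot tell whether it can carry request data. If it can, it needs its own escaping. Otherwise a comment next to the flag check, such as `// filterArgs applies to resource messages only; literal messages are emitted as supplied`, would record the limit. The enclosing method starts and ends outside the hunk.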
@@ -277,6 +296,30 @@
     }
 
     /**
+     * Performs filtering on the elements of specified Array.
+     * Filtering is only performed on elements which are instances of
+     * <code>String</code>.
+     *
+     * @param values The message values to be filtered
+     */
+    private Object[] filterMessageReplacementValues(Object[] values) {
+       if (values == null) {
+           return (null);
+       }
+
+       Object[] filteredArgs = new Object[values.length];
+       for (int i = 0; i < values.length; ++i) {
+           if (values[i] instanceof String) {
+               filteredArgs[i] = TagUtils.getInstance().filter((String) values[i]);     
+           } else {
+               filteredArgs[i] = values[i]; 
+           }
+       }
+
+       return filteredArgs;
+    }
+
+    /**
      * Clean up after processing this enumeration.
      *
      * @throws JspException if a JSP exception has occurred
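Review bot: In `filterMessageReplacementValues`, only `String` instances are escaped, so any other replacement value (a `StringBuffer`, or a bean whose `toString()` echoes user input) is copied through untouched and presumably rendered by the message formatter as raw text. With `filterArgs` set to true a page author would expect those to be escaped too. I would escape the `toString()` of every value except `null`, `Number` and `Date`, which must stay typed so that number and date format elements in a pattern keep working. The Javadoc also lacks an `@return` line saying that a new array is returned and the input array is not modified.

```java
    private Object[] filterMessageReplacementValues(Object[] values) {
        // … unchanged: null check and filteredArgs allocation …
        for (int i = 0; i < values.length; ++i) {
            Object value = values[i];
            if (value == null || value instanceof Number
                    || value instanceof java.util.Date) {
                // Kept typed so {0,number} / {0,date} format elements still apply.
                filteredArgs[i] = value;
            } else {
                // Escape the text that would otherwise be produced via toString().
                filteredArgs[i] = TagUtils.getInstance().filter(value.toString());
            }
        }
        // … unchanged: return filteredArgs …
```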
@@ -310,5 +353,6 @@
         header = null;
         footer = null;
         message = null;
+        filterArgs = false;
     }
 }

Modified: struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
URL: http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld?view=diff&rev=552086&r1=552085&r2=552086
==============================================================================
--- struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld (original)
+++ struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld Fri Jun 29 20:25:13 2007
@@ -5353,6 +5353,26 @@
             </description>
         </attribute>
         <attribute>
+            <name>filterArgs</name>
+            <required>false</required>
+            <rtexprvalue>true</rtexprvalue>
+            <description>
+                <![CDATA[
+                By default no filtering to escape XML characters like &quot;&lt;&quot;
+                occurs on the replacement values going into the message pattern.
+                If this attribute is set to 'true', the replacement values will 
+                be filtered, while the text of the message pattern itself will 
+                be left intact. This can be useful if you have markup in your 
+                message patterns which you want to keep, but would like to 
+                filter the replacement values going into them, e.g. if they 
+                reflect user input. For instance:
+        
+                <pre>errors.divideZero=The mathematical expression 
+                &lt;strong&gt;{0}&lt;/strong&gt; caused a divide by zero.</pre>
+                ]]>
+            </description>
+        </attribute>
+        <attribute>
             <name>locale</name>
             <required>false</required>
             <rtexprvalue>true</rtexprvalue>
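Review bot: The `filterArgs` description promises that "the replacement values will be filtered", but the Java side of this commit escapes only values that are `String` instances. Add a sentence such as `Only replacement values of type String are filtered; other objects are inserted as formatted.` so page authors do not assume full coverage. Since the example places `{0}` inside element content, it may also be worth stating that the escaping targets HTML text, though the filter's exact character set is not visible here.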