You are viewing a plain text version of this content. The canonical link for it is here.

Posted to taglibs-user@tomcat.apache.org by Soefara Redzuan <so...@hotmail.com> on 2002/05/04 22:27:59 UTC

Solution Re: Quotes in form field values.

Answering my own question here.

Escape HTML special characters from a String
http://www.rgagnon.com/javadetails/java-0306.html

and should you ever need it, the reverse.
http://www.rgagnon.com/javadetails/java-0307.html

Honestly I'm surprised that this is not included in DBTaglib
<sql:getColumn >  or that more people are not asking for such
features. I must be missing something.

Have a good weekend.

Soefara Redzuan.


>From: "Soefara Redzuan" <so...@hotmail.com>
>Reply-To: "Tag Libraries Users List" <ta...@jakarta.apache.org>
>To: taglibs-user@jakarta.apache.org
>Subject: Quotes in form field values.
>Date: Fri, 03 May 2002 07:48:29 +0800
>
>Sorry for the newbie question but I can not find the answer in the mail
>archive.  If <sql:getColumn> returns a string with quotes then it makes an
>error in my HTML.
>
>ex.
><input type="text" value="<sql:getColumn position="1"/>">
>
>becomes
><input type="text" value="He said "This is a problem"">
>
>How do you prevent this happening ?
>
>Soefara Redzuan.
>
>
>
>_________________________________________________________________
>MSN Photos is the easiest way to share and print your photos:
>http://photos.msn.com/support/worldwide.aspx
>
>
>--
>To unsubscribe, e-mail:   
><ma...@jakarta.apache.org>
>For additional commands, e-mail: 
><ma...@jakarta.apache.org>
>


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Solution Re: Quotes in form field values.

Posted by Paul DuBois <pa...@snake.net>.

At 13:37 -0400 5/5/02, Henri Yandell wrote:
>You won't (i hope) find that in dbtags as it's not a db-related piece of
>functionality. It's html/string-based, so I would expect it either in
>a html-taglib(someday) or in string-taglib.
>
>You're right though that it should be in one of the taglibs. In the
>absence of a full on html-formatting taglib, I'm going to stick:
>
>escapeHtml
>unescapeHtml
>escapeXml
>unescapeXml
>
>into the String taglib. So your solution would be:
>
><str:escapeHtml><sql:getColumn position="1"/></str:escapeHtml>
>
>Will let you know when it's added.
>
>Hen

As far as the database access and escaping stuff goes, you can use JSTL
for both.  The <sql:xxx> tags give you database access, and the <c:out>
tag can perform XML encoding for <, >, &, ", and ', which also takes
care of HTML encoding for you.


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Solution Re: Quotes in form field values.

Posted by Henri Yandell <ba...@generationjava.com>.

You won't (i hope) find that in dbtags as it's not a db-related piece of
functionality. It's html/string-based, so I would expect it either in
a html-taglib(someday) or in string-taglib.

You're right though that it should be in one of the taglibs. In the
absence of a full on html-formatting taglib, I'm going to stick:

escapeHtml
unescapeHtml
escapeXml
unescapeXml

into the String taglib. So your solution would be:

<str:escapeHtml><sql:getColumn position="1"/></str:escapeHtml>

Will let you know when it's added.

Hen

On Sun, 5 May 2002, Soefara Redzuan wrote:

>
> Answering my own question here.
>
> Escape HTML special characters from a String
> http://www.rgagnon.com/javadetails/java-0306.html
>
> and should you ever need it, the reverse.
> http://www.rgagnon.com/javadetails/java-0307.html
>
> Honestly I'm surprised that this is not included in DBTaglib
> <sql:getColumn >  or that more people are not asking for such
> features. I must be missing something.
>
> Have a good weekend.
>
> Soefara Redzuan.
>
>
> >From: "Soefara Redzuan" <so...@hotmail.com>
> >Reply-To: "Tag Libraries Users List" <ta...@jakarta.apache.org>
> >To: taglibs-user@jakarta.apache.org
> >Subject: Quotes in form field values.
> >Date: Fri, 03 May 2002 07:48:29 +0800
> >
> >Sorry for the newbie question but I can not find the answer in the mail
> >archive.  If <sql:getColumn> returns a string with quotes then it makes an
> >error in my HTML.
> >
> >ex.
> ><input type="text" value="<sql:getColumn position="1"/>">
> >
> >becomes
> ><input type="text" value="He said "This is a problem"">
> >
> >How do you prevent this happening ?
> >
> >Soefara Redzuan.
> >
> >
> >
> >_________________________________________________________________
> >MSN Photos is the easiest way to share and print your photos:
> >http://photos.msn.com/support/worldwide.aspx
> >
> >
> >--
> >To unsubscribe, e-mail:
> ><ma...@jakarta.apache.org>
> >For additional commands, e-mail:
> ><ma...@jakarta.apache.org>
> >
>
>
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>