Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Escape input data  RSS feed

 
Dan Parsons
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a Form input field in my JSP:


How do I make sure this data is escaped correctly to be able to show quotes and apostrophes. I tried slash in front (name=\"nickname\" and it didnt work.

I dont have JSF,Struts, JSTL, StringEscapeUtils (from Apache commons) due to restrictions on my Tomcat 4.1.27 container.

Is there something I can use or please advise best way to handle this?
[ September 29, 2008: Message edited by: Dan Parsons ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66199
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why do you feel the need to escape the name attribute?
 
Dan Parsons
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont need to escape name attribute, its the value that I am having problem with. If someone enters quotes or apostrophe it disappears when the form input is passed to the next page.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66199
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you were using the JSTL (you can with Tomcat 4, just be sure to use JSTL 1.0), the <cut> tag takes care of that.

Without that, you can write a method that performs the same function, replacing the quote and angle bracket characters with their HTML entity equivalents.
 
Dan Parsons
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bear Bibeault:
If you were using the JSTL (you can with Tomcat 4, just be sure to use JSTL 1.0), the <cut> tag takes care of that.

Without that, you can write a method that performs the same function, replacing the quote and angle bracket characters with their HTML entity equivalents.


Thanks, I created Utility class to handle it and it works great. I could have used JSTL and Apache Commons but wanted to get more experience with creating and using my own classes.
Java seems to be funner when you can create classes to solve issues where
I seem to learn more when I dont use pre existing libraries. It enables me learn more Java basics that I would not have learned or seen if I use pre existing libraries. Is this something most beginners have done here?
[ October 02, 2008: Message edited by: Dan Parsons ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66199
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, that is a good way to learn. Just be careful not to take it too far. For example, once you adopt JSTL, perhaps at your next server upgrade, be sure to use the standard <cut> mechanism rather than a proprietary solution.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!