use of <c:out value="blah" /> will automatically escape html entities.
Originally posted by Timothy Sam:
Ben, the problem is that the getParameterValues() method is not invoked in my ActionServlet at all... In my Action servlet, the execute method still has the HttpServletRequest as the argument for request. Is that ok? If that's ok, I'm not using the HttpServletRequest implicitly in my execute method since this is automatically done for my by struts. So what I do is...
tibi stibi wrote:to be sure there is no security risk i want to encoded all user input.
tibi stibi wrote:4. the encoded input (text, urls) are stored into the database
5. an email is constructed with the stored text and urls in it and send out to the customers
6. there is an online version of the same email
step 5 and 6 are done by an email program on which i have no control.
Aaaaaand ... we're on the march. Stylin. Get with it tiny ad.
Two software engineers solve most of the world's problems in one K&R sized bookhttps://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton