This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Escape sequence in JSTL tags  RSS feed

 
M Burke
Ranch Hand
Posts: 410
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have several layers of quotes within a JSTL tag and I am getting parsing errors. I tried to use escape chars for the single quote but it does not work. What am I doing wrong?

<c:out value='${\'<fmt:message key="only_one_month" bundle="${lang}"/>\'}' />
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66204
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What are you trying to do? Are you trying to pass the result of the message lookup to c:out? If so, why? If not, what are you trying to do? We can only guess.
 
M Burke
Ranch Hand
Posts: 410
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:What are you trying to do? Are you trying to pass the result of the message lookup to c:out? If so, why? If not, what are you trying to do? We can only guess.


My application is multi language. So I have a properties file with all the strings for each language. I use the JSTL fmt library tags to populate the page with the strings from the properties file.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66204
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So why are you trying to embed the <fmt:message> tag inside a <c:out>? Just use the <fmt:message> tag.
 
M Burke
Ranch Hand
Posts: 410
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:So why are you trying to embed the <fmt:message> tag inside a <c:out>? Just use the <fmt:message> tag.


Oh yes, that works. Thanks :)
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66204
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If something that should be simple seems overly-complex, then there's a good bet that it's being over-thought. I'm curious: why did you think you needed to do all that embedding?
 
Paul Clapham
Sheriff
Posts: 22496
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can easily see that when you use <c:out> all the time, you would naturally arrive at M Blake's problematic code. I remember having to deal with similar quoting issues when I used <c:out> all the time too. But when I found that I could use EL expressions directly without having to use <c:out> -- I think it was several years ago when that changed -- I actually went through a lot of existing code and ripped out all of the <c:out> instances.

(Yes, I know that <c:out> still has its use cases. But they didn't apply to my code.)
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66204
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is probably a good time and place to point out what the differences are:

  • <c:out> escapes its output by default. That is; it will replace certain characters, such as the < with their HTML entity equivalents so that they appear as themselves, rather than being construed as markup. This is important not only when you need to emit those characters, but for when you are emitting untrusted text (anything entered by a user or other non-trusted source) in order to avoid injection attacks.


  • When an EL expression is used without <c:out> no such escaping takes place. This is suitable when the source of the text is trusted.
  •  
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!