See Servlets and JavaServer Pages by Marty Hall and Larry Brown. In chapter 4, section 4.6, "Filtering Strings for HTML-Specific Characters", that book gives the example "A Servlet That Displays Code Snippets". Here is the link. I created a servlet named HtmlSpecialCharacterFilteringServlet which takes Java code as a string from the textarea of the HTML form index.html using the getParameter() method and prints it as-is using HTML tags. Though that string had special characters, I didn't filter it and printed it using a PrintWriter object with HTML tags.
Question: Both the filtered and unfiltered strings print the same output, so why do we need to filter strings for special characters? Or maybe I didn't understand the concept because English is not my native language. Can anyone please clear my doubt?
First of all, it's not customary for a servlet to generate HTML in strings. That's a really, really old practice that went out of vogue when JSP was introduced. Now, servlets do the processing, while JSP generates the view.
That said, the purpose of the exercise is to show how special characters such as < need to be escaped using HTML entities when used in places where they might be interpreted as markup rather than a literal character.
For example, what if you wanted to make the text "<html>" appear on your page, and not be interpreted as an HTML tag? If you just use the normal < and > characters, it will be interpreted as html markup.
So to make the text appear, the special characters must be replaced with the html entities &lt; and &gt; respectively. Doing so allows the text <html> to appear as text by writing it as &lt;html&gt;.
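The filtered and unfiltered output only differ when the input contains characters that HTML treats as markup, which is why plain code without such characters looks identical either way. Here is an added example of the kind of filter the exercise asks for; it is not code from the book or from this thread, and the class name, method name and sample inputs are my own.

```java
// Added example: escape the characters HTML treats as markup so that
// user-supplied text is rendered as text, never as tags.
public class HtmlFilterDemo {

    /** Replace HTML-significant characters with their entity forms. */
    public static String filter(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for the textarea parameter.
        String plain  = "int x = 5;";
        String markup = "String s = \"<html>\"; if (a < b && b > c) { }";

        // No HTML-significant characters: filtered and unfiltered are equal,
        // which is exactly what the original poster observed.
        System.out.println("plain unchanged: " + plain.equals(filter(plain)));

        // With markup characters the two differ: unfiltered, a browser would
        // treat "<html>" as a tag and swallow it instead of displaying it.
        System.out.println("<pre>" + markup + "</pre>");
        System.out.println("<pre>" + filter(markup) + "</pre>");
    }
}
```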
Now, servlets do the processing, while JSP generates the view.
Yes, you meant MVC. Yes, the very next concept, 4.7 Automatically Populating Java Objects from Request Parameters: Form Beans, made me learn how to use beans and how to populate beans by passing a Map object obtained from the getParameterMap() method, etc. I was like, wow, it really reduced my work, and it's good to separate processing and view. Thank you so much Bear and Tim.