Filtering Strings for HTML-Specific Characters

 
Ganish Patil
I'm using Core Servlets and JavaServer Pages by Marty Hall and Larry Brown. In chapter 4, section 4.6, Filtering Strings for HTML-Specific Characters, they give the example A Servlet That Displays Code Snippets. Here is the link. I created a servlet named HtmlSpecialCharacterFilteringServlet which takes Java code as a string from a textarea of the HTML form index.html using the getParameter() method and prints it as it is using HTML tags. Though that string had special characters, I didn't filter it and printed it using a PrintWriter object with HTML tags.
Question: Both the filtered and the unfiltered string print the same output, so why do we need to filter strings for special characters? Or maybe I didn't understand the concept because English is not my native language. Please, can anyone clear my doubt?
index.html

web.xml:


HtmlSpecialCharacterFilteringServlet.java:


FilterString.java:
 
Bear Bibeault
First of all, it's not customary for a servlet to generate HTML in strings. That's a really, really old practice that went out of vogue when JSP was introduced. Now, servlets do processes, while JSP generates the view.

That said, the purpose of the exercise is to show how special characters such as < need to be escaped using HTML entities when used in places where they might be interpreted as markup rather than a literal character.

For example, what if you wanted to make the text "<html>" appear on your page, and not be interpreted as an HTML tag? If you just use the normal < and > characters, it will be interpreted as HTML markup.

So to make the text appear, the special characters must be replaced with the HTML entities &lt; and &gt; respectively. Doing so allows the text <html> to appear as text by writing it as &lt;html&gt;
 
Tim Holloway
Bear Bibeault wrote: Doing so allows the text <html> to appear as text by writing it as &lt;html&gt


Correction: &lt;html&gt; <===

These constructs are known in XML-ese as "entities" and the terminating semicolon is an integral part of the entity construct. Although I've seen some web browsers be sloppy about them.
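
The point made in the replies above, as an added example that is not code from the book or from any poster in this thread: a constructed Java snippet containing `<` and `>` is wrapped in `<pre>` once unfiltered and once filtered, so the two outputs can be compared. The class name `HtmlFilterDemo`, the method `filter` and the sample string are assumptions made for illustration; the string stands in for a value read with getParameter().

```java
// Added example; HtmlFilterDemo and filter() are hypothetical names,
// not the book's FilterString class.
public class HtmlFilterDemo {

    // Replace the characters HTML treats as markup with entities.
    // Each entity ends with a semicolon, which is part of the entity.
    static String filter(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;  // also protects text that already looks like an entity
                case '"':  out.append("&quot;"); break;  // needed when the value lands in an attribute
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample standing in for request.getParameter("code").
        String code = "if (a<b && c>d) { out.println(\"<b>done</b>\"); }";

        // Unfiltered: the browser parses "<b && c>" as a start tag and
        // "<b>...</b>" as bold markup, so part of the snippet is never
        // displayed as text and the submitted markup becomes part of the page.
        String unfiltered = "<pre>" + code + "</pre>";

        // Filtered: every special character arrives as an entity and the
        // browser displays the snippet exactly as it was typed.
        String filtered = "<pre>" + filter(code) + "</pre>";

        System.out.println("unfiltered: " + unfiltered);
        System.out.println("filtered:   " + filtered);
    }
}
```

A snippet with no `<`, `>`, `&` or quote characters passes through `filter` unchanged, so filtered and unfiltered output only differ when the input contains one of them.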
 
Bear Bibeault
Yup, cut-n-paste error. Post fixed.
 
Ganish Patil
Bear Bibeault wrote: Now, servlets do processes, while JSP generates the view.

Yes, you meant MVC. Yes, the very next concept, 4.7 Automatically Populating Java Objects from Request Parameters: Form Beans, made me learn how to use beans and how to populate beans by passing an object of Map using the getParameterMap() method, etc. I was like, wow, it really reduced my work, and it's good to separate processing and view. Thank you so much, Bear and Tim.
 