This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to stop JSP from replacing HTML entity.  RSS feed

 
Bala Gangadhar
Ranch Hand
Posts: 119
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using awesome fonts on my web page. In order to show some symbol i need to use "& lsquo ;" which will show a love symbol based on some condition.

I have the logic in Java file, which reads data from DB and based on the Db results it derives which symbol is that. when the pojo with this string returned back to JSP and i am insert this String in JSP .. its just replacing the & with html entity resulting "& amp ;lsquo;". How can i skip this converting the & to & in my JSP.




 
Paul Clapham
Sheriff
Posts: 22503
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think it would help if you showed us the JSP code in question.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66207
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You want to stop the HTML encoding of the entity. Be aware that defeating the HTML encoding can introduce injection attacks.

Does the data come from an untrusted source?

Post the snippet of code so we can advise you on the best way to proceed. Are you using <c:out>?
 
Bala Gangadhar
Ranch Hand
Posts: 119
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Please note that I intentionally put some space in the entity ♣ as & clubs ;, just to show the entity code here in the post.
In the java file..

If (some Condition) {
// & clubs ; is to represents Clubs symbol in awesome fonts. I am importing Awesome fonts on JSP page.
resultsStr = "& clubs ;" ;
} else {
resultStr = "its a normal string"
}

And in JSP file

<s:property value="resultStr" />

The problem here is..

Its being displayed as & clubs ;. When i look at the source code in the browser i see & in the "& clubs ;" is being replace with & amp ;
 
Paul Clapham
Sheriff
Posts: 22503
43
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, if you were using standard JSTL elements you would do this:



of course keeping in mind Bear's warning. I don't know where that "s:property" element comes from but perhaps it has a similar attribute.
 
Stefan Evans
Bartender
Posts: 1836
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The most likely would be for it to be the struts property tag.   https://struts.apache.org/docs/property.html
That documents the escapeHtml property which defaults to being true.

So to stop it doing the default behaviour:

 
Bala Gangadhar
Ranch Hand
Posts: 119
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot.

Yes s:property is a struts tag and escape=false worked for me.

<s:property escape="false" value="StrValue" />


Thank you all.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!