I want to unescape html chars in Spring JSP.
<c:out value="${fn:***unescapeHtml***(item.name)}" />
Is there an unescapeHtml or equivalent ?
Since I did not find a jsp tag to do the same, I had to resort to javascript method. That makes sense to me as I used javascript to escape at the first place, and it works fine.
I have put this into the $.ready() of the page.
$.find(xxxx) {
$(this).text((unescape($(this).text())));
}
Related
When I use the below jstl code
<a href="http://mysite.com?id="<c:out value="${myid}"/>/><c:out value="${myid}"/></a>
the output is :
"1234"
The value 1234 corresponds to the variable value of myid but the url being generated is
"http://mysite.com?id=" so no value for myid is being generated as part of the href.
How can I amend the href so that entire href is displayed :
"http://mysite.com?id=1234"
instead of :
"http://mysite.com?id="
Ultimately, JSP/JSTL generates HTML. You're familiar with basic HTML, right?
Look closer at the generated HTML output by rightclick, View Source in browser. You'll see:
<a href="http://mysite.com?id="1234/>1234</a>
Is that valid HTML? No, you're closing the attribute value too soon with " at wrong place and you're closing the tag too soon with />. Look, the Stack Overflow HTML syntax highlighter also got confused. Instead, it should have been:
1234
Fix the HTML generator (i.e. the JSP/JSTL code) accordingly so that it generates the desired HTML:
<c:out value="${myid}"/>
Unrelated to the concrete problem, the <c:out> is only helpful in preventing XSS attack holes when redisplaying user-controlled input and actually the wrong tool to inline URL parameters. If you can guarantee that ${myid} is always a number (because it's a Long or Integer), you can even just leave it entirely out, making the code prettier to read:
${myid}
If the ${myid} is however not a guaranteed to be a number (because it's a String), then you should use <c:url> and <c:param> to properly URL-encode it:
<c:url value="http://mysite.com" var="myURL">
<c:param name="id" value="${myid}" />
</c:url>
<c:out value="${myid}" />
<c:url> tag is used to create an url. It is helpful in the case when cookies is turned off by the client, and you would be required to rewrite URLs that will be returned from a jsp page.
<c:param> tag may used as a subtag of to add the parameters in the returned URL. Using these parameters encodes the URL.
<c:url value="http://mysite.com" var="myURL">
<c:param name="id" value="${myid}" />
</c:url>
<a href="${myURL}" />${myURL}</a>
Read more from here.
Given the following MVC3 i18n use:
at a jsp file:
<s:message code="clickHere">
at message.properties file:
clickHere=Please click Here
a user's browser will display(and the word Here will be a link to http://abc.com):
Please click Here
Thanks
Did you try
<s:message code="clickHere" htmlEscape="false" />
In any case you use Thymeleaf, instead of th:text, you should use the th:utext.
Example below:
# Instead of this
<div th:text="#{message}">text to be replaced</div>
# Use this
<div th:utext="#{message}">text to be replaced</div>
You should always keep in mind that using the th:utext can cause XSS Attacks.
In the properties file, you will obviously have the following,
# In properties
message=Text to be displayed
I am refactoring an existing web app to use struts tags instead of scriptlets. One of the things occurring multiple tiems is the conditional check like
<%if ("true".equals(requset.getparameter("someParam"))) {%>
some html, javascript
<%else{%>
some other html,javascript
<%}%>
I wish to replace this with struts logic tag to replace scriptlets. Is it possible to do it without storing someParam inside a formbean? By default, it seems the syntax of logic tag works only with formbean parameters.
While not a struts-specific solution: have you thought about using JSTL custom tags? The tags are included in the latest web container specifications and can be easily added older web containers which do not include the JSTL specification by default.
Here is a solution based on JSTL:
<%# taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
...
<c:choose>
<c:when test="${param.someParam eq 'true'}">
some html, javascript
</c:when>
<c:otherwise>
some other html, javascript
</c:otherwise>
</c:choose>
Unless you are using the struts custom tags to generate your UI components, it is always preferred to use the JSTL standard tags whenever possible. However, if you are set on using struts, here is an example with Struts 1:
<bean:parameter id="paramValue" name="someParam" />
<logic:equal name="paramValue" value="true">
some html, javascript
</logic:equal>
<logic:notEqual name="paramValue" value="true">
some other html, javascript
</logic:notEqual>
You will note that this solution takes the request parameter and puts into into a page scoped attribute (paramValue) that can then be accessed by the struts logic custom tag.
I have seen several examples using
<a href="<spring:url value='/about/' />" >About </a>
I try this and get an error from Jetty
Caused by: org.apache.jasper.JasperException: /WEB-INF/views/footer.jspx(6,22) The value of attribute "href" associated with an element type "null" must not contain the '<' character.
Is there some encoding setting I have overlooked?
This is unfortunate because the other examples of using spring url I have seen are ugly
<spring:url value='/about' var="about_url" />
About MyFit
Do I really need an additional line for every hyperlink in my templates?
Is this something that is fairly trivial and I have overlooked?
You have a .jspx file, which must be a well-formed XML document. In .jsp files it would work fine.
Trying to do this programatically
<a4j:commandLink ... onclick="#{rich:component('modalPanelID')}.show()"/>
This doesn't work:
HtmlAjaxCommandLink commandLinkObject = new HtmlAjaxCommandLink();
...
commandLinkObject.setOnClick("#{rich:component('modalPanelID')}.show()");
Any idea why and how to make it work?
Thanx.
Because the expression is never evaluated.
With the first approach when the page is rendered the #{rich:component...} is evaluated by Richfaces and something like the code below is rendered on the page:
document.getElementById('formID:modalPanelID').component.show();
Because you are doing this progammatically you are bypassing this rendering. I would suggest that you just use the rendered javascript from above.
commandLinkObject.setOnClick("document.getElementById('formID:modalPanelID').component.show()");