  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2050

struts and & -> &amp;

Hello,
I have a problem with some characters like & ...
I mean, in struts-config.xml, in the tag <forward ... path="/form/test.jsp?type=1&index=1" -> if I leave & here, struts-config.xml will not be parsed. I have to change & to &amp;
I have a form like this (test.jsp):
<html:form action="/test">
<html:text name="text1" value="R&D departement">
<html:button name="btn" onclick="formSubmit()">
</html:form>
In TestAction, after doing something, I forward to test.jsp -> save text1 to a session variable
In test.jsp, I compare the value of text1 and the session variable
but I got a result like this:
alert(document.forms[0].text1.value) => "R&D department"
alert("<nested:write property="text1" name="text1"/>") => "R&amp;D department"
so they are not equal
Please show me how to solve it?
Thank you very much
P/S: I think in some cases with the special letters, it will be the same case like &
0
nphnhi
Asked:
2 Solutions
 
TimYates Commented:
<html:text name="text1" value="R&D departement">

should be:

<html:text name="text1" value="R&amp;D departement">

basically, keep the & encoded as much as you can...  

You can use a class like this to encode your strings for HTML:

public class HtmlEncoder
{
  private static final String[] htmlCode = new String[ 256 ] ;
  static
  {
    for( int i = 0 ; i < 10 ; i++ )
    {
      htmlCode[ i ] = "&#00" + i + ";" ;
    }

    for( int i = 10 ; i < 32 ; i++ )
    {
      htmlCode[ i ] = "&#0" + i + ";" ;
    }

    for( int i = 32 ; i < 128 ; i++ )
    {
      htmlCode[ i ] = String.valueOf( ( char )i ) ;
    }

    // Special characters
    htmlCode[ '\t' ] = "\t" ;
    htmlCode[ '\n' ] = "<br>\n" ;
    htmlCode[ '\r' ] = "" ;
    htmlCode[ '\"' ] = "&quot;" ; // double quote
    htmlCode[ '&' ] = "&amp;" ; // ampersand
    htmlCode[ '<' ] = "&lt;" ; // lower than
    htmlCode[ '>' ] = "&gt;" ; // greater than

    for( int i = 128 ; i < 256 ; i++ )
    {
      htmlCode[ i ] = "&#" + i + ";" ;
    }
  }

  public static String encode( String string )
  {
    string = string.trim() ;
    int n = string.length() ;
    char character ;
    StringBuffer buffer = new StringBuffer() ;
    // loop over all the characters of the String.
    for( int i = 0 ; i < n ; i++ )
    {
      character = string.charAt( i ) ;
      // the Htmlcode of these characters are added to a StringBuffer one by one
      if( character < 256 )
      {
        buffer.append( htmlCode[ character ] ) ;
      }
      else
      {
        // Improvement posted by Joachim Eyrich
        buffer.append( "&#" ).append( ( int )character ).append( ";" ) ;
      }
    }
    return buffer.toString().trim() ;
  }
}

so you'd call something like:

    alert( '<%= HtmlEncoder.encode( "R&D department" ) %>' ) ;
0
 
siliconeagle Commented:
Basically the browser treats &amp; as an ampersand in HTML; it is part of the HTML and XML standards - all characters in HTML and XML can be represented in the form &xxxx; so you just have to be a bit careful about what form you put where.
In your code above:
<html:text name="text1" value="R&D departement"> outputs
<input type="text" name="text1" value="R&amp;D department"/> the & is encoded by the struts tag. But when read by the browser the value is interpreted as 'R&D department' and the &amp; is converted by the HTML parser. So when you alert the value (alert(document.forms[0].text1.value)) you get 'R&D department'.

In the other case, when you alert("<nested:write property="text1" name="text1"/>"), the & is converted by the struts tag but NOT converted back by the HTML parser as it is in a javascript string, so you see "R&amp;D department" in the alert window.
Basically the struts tags are made to output HTML, not javascript, so print values to hidden form elements or into some HTML element (e.g. <div/>) but don't use them to print directly into javascript areas of your webpage.
0
 
siliconeagle Commented:
You could also do this:
alert("<nested:write property="text1" name="text1"/>".replace(/&amp;/g,"&"));
which does a string replacement on the HTML encoded &amp;
0
 
nphnhi Author Commented:
If so, how can I stop struts from encoding the parameter?
0
 
TimYates Commented:
Struts doesn't encode it...

the browser does

there's nothing you can do to stop it
0
 
siliconeagle Commented:
I disagree ....
You can test it: put a property in a bean like this:

private String testEnc = "\"&\"";

public String getTestEnc() {
    return testEnc;
}

/**
 * @param testEnc The testEnc to set.
 */
public void setTestEnc(String testEnc) {
    this.testEnc = testEnc;
}
}

and write it out in a JSP:
<bean:write property="testEnc" name="userBean"/>
and I get
&quot;&amp;&quot;
0
 
siliconeagle Commented:
if you have JSTL installed you can use
<c:out value="${userBean.testEnc}" escapeXml="false"/>
0
 
siliconeagle Commented:
Otherwise you have to do a javascript string replacement:
var str="<nested:write property="text1" name="text1"/>";
alert(str.replace(/&amp;/g,"&"));
0
 
TimYates Commented:
or just accept the fact that the values will be escaped, and use that class I posted...
0
 
siliconeagle Commented:
Is this what he/she wants to do though - isn't he/she asking why & are being encoded?
0
 
TimYates Commented:
> isn't he/she asking why & are being encoded?

Well, in that case, the answer is "because & is an HTML control character, so it has to be encoded for the browser to handle it properly"
0
 
siliconeagle Commented:
but it is by the struts tag
0
 
TimYates Commented:
but struts is an HTML framework, so it encodes things that are sent to the browser
0
 
siliconeagle Commented:
So my interpretation was that he's asking why it isn't decoded in a javascript alert tag - because it's in a javascript string, not an HTML element.
0
 
TimYates Commented:
But Struts doesn't know that...  It has no concept of context, it doesn't know if it's writing inside a <td> or a javascript method...it just encodes stuff...

So long as you know that struts will just encode stuff, you can deal with that fact (by comparing against encoded values, instead of the original values)
0
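The context mismatch debated in this thread, as an added example that is not code from any of the posters: it compares what a form field, an inline script, the `.replace(/&amp;/g,"&")` workaround and a JavaScript-string encoder each end up holding for the same server-side value. All helper names are hypothetical; `htmlEscape` stands in for the Struts tag's filtering (five characters assumed) and `htmlDecode` for the browser's HTML parser, and the sample values are constructed.

```javascript
// Added example. Sample values are constructed; helper names are hypothetical.

// Server side: HTML-escaping as done by an HTML-oriented tag such as
// <bean:write>/<nested:write> (assumed to cover these five characters).
const HTML_ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlEscape(s) {
  return s.replace(/[&<>"']/g, c => HTML_ESC[c]);
}

// Browser side: the HTML parser decodes character references in attribute
// values and element text. Minimal stand-in covering the entities above.
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"']]);
function htmlDecode(s) {
  return s.replace(/&(?:#(\d+)|(\w+));/g, (m, num, name) =>
    num ? String.fromCodePoint(Number(num)) : (NAMED.has(name) ? NAMED.get(name) : m));
}

// Encoder for the JavaScript-string context: everything outside a small safe
// set becomes \uXXXX, so the output cannot close the string or the <script>.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9 ,._-]/g, c =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// What each sink ends up holding for one server-side value.
function views(value) {
  const escaped = htmlEscape(value);
  return {
    formField: htmlDecode(escaped),             // document.forms[0].text1.value
    inScript: escaped,                          // HTML-escaped text in a script: never decoded
    ampPatched: escaped.replace(/&amp;/g, '&'), // the single-entity .replace() workaround
    // JS-context encoding, read back the way a JS engine reads the literal
    jsEncoded: JSON.parse('"' + jsStringEscape(value) + '"'),
  };
}

for (const v of ['R&D department', '"&"', 'a<b']) {
  console.log(JSON.stringify(v), views(v));
}
```

Only `formField` and `jsEncoded` equal the original value for every input; the `&amp;` replacement matches only when the ampersand is the sole escaped character.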
 
siliconeagle Commented:
But all you want to do is decode &amp; to & in javascript.
0
 
TimYates Commented:
Split TimYates & siliconeagle
0
