File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Edit HTTP response Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Edit HTTP response" Watch "Edit HTTP response" New topic

Edit HTTP response

Julius Kabugu

Joined: Nov 02, 2010
Posts: 3
My Struts business layer sends HTTP responses to javascript and actionscript client; When I receive requests from these applications I convert the single quote and other special chars to html codes, e.g. & # 146 ; , mainly to prevent sql injection.
Now when returning the response to the client, I want to scan the xml content of the response after struts forms it and unescape the html (some sort of interceptor that edits the content of the response). Is this possible without throwing the IllegalStateException? How can I achieve it?
Joe Ess

Joined: Oct 29, 2001
Posts: 9189

One should never construct SQL queries out of user input. Use prepared statements and bound variables, as PreparedStatement correctly escapes any special characters.

[How To Ask Questions On JavaRanch]
I agree. Here's the link:
subject: Edit HTTP response
It's not a secret anymore!