• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

html escape chars problem

 
Martas Walter
Greenhorn
Posts: 5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am working on my first JSP-servlet-DB application and I have problem with special characters <>. I need to view text from db in my jsp page, but some HTML elements typed into textarea caused trouble. I don't want to forbid inserting special chars, so I just decided to escape them...like this:

String text = textFromDB.replaceAll("<", "& lt;"); //used space in & lt; otherwise it shows escaped in here:)
.....
then use it somewhere in my jsp <%= text %>

Problem is that < is not escaped, text in my page shows & lt; still
...strangely enough escaping & with & amp; works, but not <,>
I know JSTL can escape all special chars and javascript has some tools as well, but i not very familiar with them and I do not have time to learn them (yet). I just wish to know where can be problem in my current solution, because according to some other internet resources it should work like that.
Thanks for any suggestion.
//developing in eclipse + tomcat 7
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64173
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using scriptlets is out-of-date by almost 10 years. 10 years! A whole decade! I would say that it's high time that you familiarize yourself with the JSTL and EL. The longer you wait, the harder the transition will be.
 
Martas Walter
Greenhorn
Posts: 5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I know I am not doing it in a proper way, but I am quite new into whole servlets-jsp thing. I wanted to learn about JSTL right after finishing my current project and then rewrite it without using scriptlets (because of gaining some practice). So please if you have any idea about my question, let me know. Thanks.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64173
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are new to JSP you should be learning the right way first -- not "the wrong way, and then I'll fix it later". Scriptlets are last decade, you should never have started using them at all.

That all said, if you insist on proceeding along the incorrect path I would write a custom tag that replaces the "special" characters with their HTML entity equivalents.

As a novice to JSP I'd advise you to read:
  • The Secret Life of JSPs
  • The Front Man


  • And, welcome to the Ranch!
     
    Pete Nelson
    Ranch Hand
    Posts: 147
    Debian Eclipse IDE Tomcat Server
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    There is little benefit of writing your own custom HTML/XML escape program when it is built into JSTL. JSP and JSTL are made specifically to help you over the hurtles of converting data to HTML.

    Using java scriptlets within JSP is considered a bad practice. While I understand the need for practice ... why a BAD practice? When Bear recommends not to do it, he's not steering you wrong.

    If you want to practice writing code, why not make your HTML escape program a helper class? Then you can write it in pure java, without having to escape the characters you're trying to escape in the HTML in JSP. (And I made that sentence purposely confusing - it's a metaphor for what you're trying to do in JSP).
     
    Scott Paffrath
    Greenhorn
    Posts: 4
    • 1
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    The Apache Commons library has excellent escape utilities.

    http://commons.apache.org/lang/api-2.4/org/apache/commons/lang/StringEscapeUtils.html

    http://commons.apache.org/lang/
     
    Martas Walter
    Greenhorn
    Posts: 5
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thank you all for your answers, now I'll figure it out I hope.
    To answer why I don't use JSTL....well I thought it would too much of theory to learn servlets, jsp and jstl at once. I wanted to start practicing at least some of those technologies. But once I'm done with my first project, I'll abandon scriptlets. I promise:-)
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic