File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes html escape chars problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "html escape chars problem" Watch "html escape chars problem" New topic
Author

html escape chars problem

Martas Walter
Greenhorn

Joined: Dec 28, 2011
Posts: 5
Hi,
I am working on my first JSP-servlet-DB application and I have problem with special characters <>. I need to view text from db in my jsp page, but some HTML elements typed into textarea caused trouble. I don't want to forbid inserting special chars, so I just decided to escape them...like this:

String text = textFromDB.replaceAll("<", "& lt;"); //used space in & lt; otherwise it shows escaped in here:)
.....
then use it somewhere in my jsp <%= text %>

Problem is that < is not escaped, text in my page shows & lt; still
...strangely enough escaping & with & amp; works, but not <,>
I know JSTL can escape all special chars and javascript has some tools as well, but i not very familiar with them and I do not have time to learn them (yet). I just wish to know where can be problem in my current solution, because according to some other internet resources it should work like that.
Thanks for any suggestion.
//developing in eclipse + tomcat 7
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

Using scriptlets is out-of-date by almost 10 years. 10 years! A whole decade! I would say that it's high time that you familiarize yourself with the JSTL and EL. The longer you wait, the harder the transition will be.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Martas Walter
Greenhorn

Joined: Dec 28, 2011
Posts: 5
Hi,
I know I am not doing it in a proper way, but I am quite new into whole servlets-jsp thing. I wanted to learn about JSTL right after finishing my current project and then rewrite it without using scriptlets (because of gaining some practice). So please if you have any idea about my question, let me know. Thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61106
    
  66

If you are new to JSP you should be learning the right way first -- not "the wrong way, and then I'll fix it later". Scriptlets are last decade, you should never have started using them at all.

That all said, if you insist on proceeding along the incorrect path I would write a custom tag that replaces the "special" characters with their HTML entity equivalents.

As a novice to JSP I'd advise you to read:
  • The Secret Life of JSPs
  • The Front Man


  • And, welcome to the Ranch!
    Pete Nelson
    Ranch Hand

    Joined: Aug 30, 2010
    Posts: 147

    There is little benefit of writing your own custom HTML/XML escape program when it is built into JSTL. JSP and JSTL are made specifically to help you over the hurtles of converting data to HTML.

    Using java scriptlets within JSP is considered a bad practice. While I understand the need for practice ... why a BAD practice? When Bear recommends not to do it, he's not steering you wrong.

    If you want to practice writing code, why not make your HTML escape program a helper class? Then you can write it in pure java, without having to escape the characters you're trying to escape in the HTML in JSP. (And I made that sentence purposely confusing - it's a metaphor for what you're trying to do in JSP).


    OCPJP
    In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
    Scott Paffrath
    Greenhorn

    Joined: Aug 27, 2010
    Posts: 4
    The Apache Commons library has excellent escape utilities.

    http://commons.apache.org/lang/api-2.4/org/apache/commons/lang/StringEscapeUtils.html

    http://commons.apache.org/lang/
    Martas Walter
    Greenhorn

    Joined: Dec 28, 2011
    Posts: 5
    Thank you all for your answers, now I'll figure it out I hope.
    To answer why I don't use JSTL....well I thought it would too much of theory to learn servlets, jsp and jstl at once. I wanted to start practicing at least some of those technologies. But once I'm done with my first project, I'll abandon scriptlets. I promise:-)
     
    jQuery in Action, 2nd edition
     
    subject: html escape chars problem