• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Struts 1.2 - when I enter greater lesser symbol html:text texbox it's getting rendered as <>

 
josuva moorthy
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When i enter <>() it's saving as <>

I am using struts 1.2 where html:text is been used for getting the values from the UI
when I search in google they said problem releated character encoding

How i need to rectify

What I need to set in the jsp.
Please help me
 
Paul Clapham
Sheriff
Pie
Posts: 20206
26
MySQL Database
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
josuva moorthy wrote:When i enter <>() it's saving as <>


I'm not sure what you mean by "saving" or why that's the same as "getting rendered" from your post title -- perhaps you could explain what it is you're looking at where you see this changed data.

However it's perfectly normal for systems which accept input which is going to be redisplayed later within an HTML document to escape that input, so that it can't be used as part of a security exploit. In other words, instead of just redisplaying it as HTML data which will be rendered by the browser, possibly with evil effects, it is transformed so that it appears as text which represents the markup which was input. That's why the Struts element is called "html:text" -- because it's used to input text which may be displayed in HTML.

when I search in google they said problem releated character encoding


Unfortunately you stumbled across a post by somebody who had no idea what they were talking about.

How i need to rectify


I don't think there's anything to be rectified.
 
josuva moorthy
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply

The problem what I am facing is

1. In UI when I am giving input as "Jos<>()" field and click update it's getting updated
But when I am see the updated screen the " Jos& lt;& gt;& #40;& #41;"


Technology used is Struts 1.2

I am not aware what to do
 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Moorthy,
It is true that for security pupose Struts convert < to < but what you are seeing in the response is with with space "& lt;". This implies that there is some encoding being performed in your application (may be a request/response wrapper OR would have modified the struts code itself ) Check out your security framework.

 
josuva moorthy
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply
 
josuva moorthy
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Shankar Tanikella wrote:Hi Moorthy,
It is true that for security pupose Struts convert < to < but what you are seeing in the response is with with space "& lt;". This implies that there is some encoding being performed in your application (may be a request/response wrapper OR would have modified the struts code itself ) Check out your security framework.




what I need to check in security framework .I am not aware of it.
This is the code

<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>

<html:text styleClass="text" name="CardForm"
property="lastName"
maxlength="20" styleId="lastName"/>

When I enter <> symbol in textbox it's been changed to & lt; and & gt;


 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic