The Stripes OOTB validation error message formats look like this:

  converter.number.invalidNumber=The value ({1}) entered in field {0} must be a valid number

Somehow, when the framework does what it does for a simple <stripes:errors/>
tag, the user-supplied value is correctly HTML-escaped on its way to the
page.

However, I know that it's possible to embed markup into the message strings
(even though I find that a deeply troubling practice), so that:

  converter.number.invalidNumber=The value ({1}) entered in field {0} <b>must</b> be a valid number

would do the right thing, correctly escaping the bogus form value but not
incorrectly escaping the markup in the message template.

This suggests to me that Stripes, when preparing the error messages, at some
point knows to HTML-escape the field values. I can't find any place in the
source that does that, but the way the validation error mechanism works is
somewhat dizzying.

So, is that what happens?  I ask because some code I've got, code that
itself extracts ValidationError instances from action bean results, does not
seem to benefit from this sort of intelligent parameter escaping.


-- 
Turtle, turtle, on the ground,
Pink and shiny, turn around.
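
Added example, not part of the original post and not Stripes' own code: the behaviour described above (HTML-escape the replacement parameters, leave the trusted template's markup alone), written with java.text.MessageFormat. The class name, the helper names and the sample input are assumptions made for illustration; this shows one way code that formats ValidationError-style messages itself could do the escaping, not how Stripes does it internally.

```java
import java.text.MessageFormat;

public class EscapedMessageDemo {

    /** Minimal HTML escaper for element content and quoted attribute values. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes every parameter, then substitutes into the template.
     * The template comes from the resource bundle and is treated as trusted,
     * so its own markup (e.g. <b>) is emitted unchanged.
     */
    static String render(String template, Object... params) {
        Object[] safe = new Object[params.length];
        for (int i = 0; i < params.length; i++) {
            safe[i] = params[i] == null ? "" : escapeHtml(String.valueOf(params[i]));
        }
        return new MessageFormat(template).format(safe);
    }

    public static void main(String[] args) {
        // Template from the post; field name and submitted value are constructed.
        String template =
            "The value ({1}) entered in field {0} <b>must</b> be a valid number";
        String submitted = "<i>abc</i>";

        // Parameters escaped, template markup preserved.
        System.out.println(render(template, "Age", submitted));
        // Unescaped substitution, for comparison: the submitted markup reaches the page.
        System.out.println(MessageFormat.format(template, "Age", submitted));
    }
}
```

The escaping has to happen before substitution: once the parameters are merged into the template, user-supplied markup can no longer be told apart from the template's own.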