Just getting the basics of PagingScrollTable working under GWT 1.7.1
and noted that the basic for CellRenderer was to use the
AbstractCellView.setHTML() method. Since my data shown comes from the
database, I want to be sure if people enter HTML constructs into our
forms, we don't display them as HTML unless we intended them to
contain HTML.

For example, I have a list now that contains a "Comments" section.
This is just a String in my database/app. Now this is not intended to
allow HTML, but if such constructs were entered, that would be fine,
but they should be displayed as entered and not be treated as HTML.

The view.setText() method is deprecated saying I should use
setHTML(). So it seems I have no way to tell the table that my data
is a plain text string and is not HTML.

If my comment string contains
"Hello <a href="javascript:alert('hello')">there</a>." I would like
to be able to set the comment as text so all the HTML is still
readable (reads like above) rather than inserting a link for the word
'there'. In my JSPs, I'd use our HTML escaper that would convert '<'
to '&lt;' and double quotes to '&quot;' etc.

What's the main technique to use for this sort of escaping client
side? I'd prefer to not send back pre-HTML-escaped strings to the
client because it could create some odd sorting and display issues
when not used in widgets that expect the contents to be HTML (like a
Label), and prefer that the client who is displaying it knows whether
to treat the string as HTML or plain text.
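
The escaping described in the post, written as an added example that is not part of the original message and is not GWT's own code: a plain-Java escaper applied on the client at render time, just before the value reaches an HTML sink such as the setHTML() call mentioned above. The names HtmlEscaper and escapeHtml are hypothetical, and the example assumes only String and StringBuilder are available.

```java
// Added example; HtmlEscaper and escapeHtml are hypothetical names, not GWT API.
public final class HtmlEscaper {
    private HtmlEscaper() {}

    /**
     * Returns text with HTML metacharacters replaced by entities so that a
     * browser renders the characters literally. A null input becomes "".
     */
    public static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                // '&' is handled per character, so entities produced for
                // other characters are never escaped a second time.
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                // Both quote styles, in case the value lands in an attribute.
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // The comment string from the post, unescaped as it is stored.
        String comment = "Hello <a href=\"javascript:alert('hello')\">there</a>.";
        // Assumption: in a cell renderer this escaped value is what would be
        // handed to the view's setHTML() instead of the raw string.
        System.out.println(escapeHtml(comment));
    }
}
```

Keeping the raw string in the model and escaping only where it is written into HTML means sorting and text-only widgets still operate on the original value.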