dnaber 2004/11/01 15:22:26 Modified: src/jsp Tag: lucene_1_4_2_dev results.jsp Log: backport: escape HTML in error messages, also fixing some typos in comments, and making a link valid XHTML Revision Changes Path No revision No revision 1.2.2.1 +21 -10 jakarta-lucene/src/jsp/results.jsp
Index: results.jsp
===================================================================
RCS file: /home/cvs/jakarta-lucene/src/jsp/results.jsp,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -r1.2 -r1.2.2.1
--- results.jsp 2 Apr 2002 05:15:43 -0000 1.2
+++ results.jsp 1 Nov 2004 23:22:26 -0000 1.2.2.1
@@ -1,13 +1,13 @@
-<%@ page import = " javax.servlet.*, javax.servlet.http.*, java.io.*, org.apache.lucene.analysis.*, org.apache.lucene.document.*, org.apache.lucene.index.*, org.apache.lucene.search.*, org.apache.lucene.queryParser.*, org.apache.lucene.demo.*, org.apache.lucene.demo.html.Entities" %>
+<%@ page import = " javax.servlet.*, javax.servlet.http.*, java.io.*, org.apache.lucene.analysis.*, org.apache.lucene.document.*, org.apache.lucene.index.*, org.apache.lucene.search.*, org.apache.lucene.queryParser.*, org.apache.lucene.demo.*, org.apache.lucene.demo.html.Entities, java.net.URLEncoder" %>
 <% /* Author: Andrew C. Oliver, SuperLink Software, Inc. ([EMAIL PROTECTED])
- This jsp page is deliberatly written in the horrble java directly embedded
- in the page style for an easy and conceise demonstration of Lucene.
+ This jsp page is deliberatly written in the horrible java directly embedded
+ in the page style for an easy and concise demonstration of Lucene.
 Due note...if you write pages that look like this...sooner or later
- you'll have a maintenance nightmere. If you use jsps...use taglibs
+ you'll have a maintenance nightmare. If you use jsps...use taglibs
 and beans! That being said, this should be acceptable for a small page demonstrating how one uses Lucene in a web app.
@@ -15,6 +15,16 @@
 */ %>
+<%!
+public String escapeHTML(String s) {
+ s = s.replaceAll("&", "&");
+ s = s.replaceAll("<", "<");
+ s = s.replaceAll(">", ">");
+ s = s.replaceAll("\"", """);
+ s = s.replaceAll("'", "'");
+ return s;
+}
+%>
 <[EMAIL PROTECTED] file="header.jsp"%> <% boolean error = false; //used to control flow for error messages
@@ -40,7 +50,7 @@
 //or otherwise corrupt index %> <p>ERROR opening the Index - contact sysadmin!</p>
- <p>While parsing query: <%=e.getMessage()%></p>
+ <p>Error message: <%=escapeHTML(e.getMessage())%></p>
 <% error = true; //don't do anything up to the footer } %> 
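Review bot: escapeHTML calls `s.replaceAll` on its argument without a null check, and both call sites pass `e.getMessage()`, which is null for an exception constructed without a message, so the error branch would itself throw a NullPointerException instead of rendering the error page; this applies to the `<%=escapeHTML(e.getMessage())%>` line in hunk @@ -40,7 +50,7 @@ and to the same call in @@ -68,11 +78,11 @@. Adding `if (s == null) { return ""; }` at the top of the method keeps both error pages rendering. As this archive renders the hunk, each replacement string reads as the same character as its pattern (`s.replaceAll("&", "&")`), which would make the method a no-op; presumably the committed source holds the entity forms and the archive decoded them, but that is worth confirming against the file in CVS rather than the rendered diff. Doing the `&` replacement first is the right order, since any entity produced by a later replacement would otherwise be re-escaped.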
@@ -68,11 +78,11 @@
 query = QueryParser.parse(queryString, "contents", analyzer); //parse the } catch (ParseException e) { //query and construct the Query //object
- //if its just "operator error"
+ //if it's just "operator error"
 //send them a nice error HTML %>
- <p>Error While parsing query: <%=e.getMessage()%></p>
+ <p>Error while parsing query: <%=escapeHTML(e.getMessage())%></p>
 <% error = true; //don't bother with the rest of //the page
@@ -126,9 +136,10 @@
 <% if ( (startindex + maxpage) < hits.length()) { //if there are more results...display //the more link
- String moreurl="results.jsp?query=" + queryString + //construct the "more" link
- "&maxresults=" + maxpage +
- "&startat=" + (startindex + maxpage);
+ String moreurl="results.jsp?query=" +
+ URLEncoder.encode(queryString) + //construct the "more" link
+ "&maxresults=" + maxpage +
+ "&startat=" + (startindex + maxpage);
 %> <tr> <td></td><td><a href="<%=moreurl%>">More Results>></a></td>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
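Review bot: The one-argument `URLEncoder.encode(queryString)` in the rebuilt moreurl encodes with the platform default charset, so the same query produces different links, and possibly one that does not decode back to what the user typed, depending on the server's locale; the two-argument form, `URLEncoder.encode(queryString, "UTF-8")`, is deterministic, and its checked UnsupportedEncodingException is an IOException, which the generated JSP service method should already declare. The `if` block that builds the link opens in this hunk but closes after it. Separately, the commit log mentions making the link valid XHTML, yet the added lines show a bare `&` between the query parameters; as with the escapeHTML hunk, this may just be the archive decoding an entity, so it is worth checking the committed file rather than the rendered diff.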