Re: Configure Wicket to detect some special HTML characters?
In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Thanks. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Strings.escape However, I suspect you are trying to solve wrong problem. Html should be escaped upon display not upon storage. ** Martin --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
Hi David, there are a lot of methods that escape the characters, for instance you can use org.apache.wicket.util.string.Strings.escapeMarkup method. But they make sense when you are writing an xml, like the page returned to browser. On Tue, Jul 6, 2010 at 9:08 AM, David Chang david_q_zh...@yahoo.com wrote: In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Thanks. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pedro Henrique Oliveira dos Santos
Re: Configure Wicket to detect some special HTML characters?
Martin, thanks so much for your attention on this question. You are right, it is should be done on display, not on storage. Best, David --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 8:22 AM In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Strings.escape However, I suspect you are trying to solve wrong problem. Html should be escaped upon display not upon storage. ** Martin --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use org.apache.wicket.util.string.Strings.escapeMarkup method. But they make sense when you are writing an xml, like the page returned to browser. On Tue, Jul 6, 2010 at 9:08 AM, David Chang david_q_zh...@yahoo.com wrote: In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Thanks. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pedro Henrique Oliveira dos Santos - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
Have you tried it? Martijn On Tue, Jul 6, 2010 at 3:26 PM, David Chang david_q_zh...@yahoo.com wrote: Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use org.apache.wicket.util.string.Strings.escapeMarkup method. But they make sense when you are writing an xml, like the page returned to browser. On Tue, Jul 6, 2010 at 9:08 AM, David Chang david_q_zh...@yahoo.com wrote: In Spring framework, there is a concept called HTML escape. Does Wicket have sometihng similar? Thanks. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:23 AM Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Pedro Henrique Oliveira dos Santos - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.4 increases type safety for web applications Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.8 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
A label automatically escapes markup. It would take you about one minute to try this on an app you have. That would have saved you (and us) a lot of emails. Just give it a try. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 8:27 AM, David Chang david_q_zh...@yahoo.com wrote: Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: us...@wicket.apache.or... Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use or...
Re: Configure Wicket to detect some special HTML characters?
Jeremy, thanks for the advice, which is indeed correct. I tried it and it the default behavior for labels. I do have annother related question. I read Component API, which Label and other components inherit, and notice that it has a method: public final Component setEscapeModelStrings(boolean escapeMarkup) I further traced its source code, and it seems to me that escaping HTML is true by default for Componnent and its decedents, correct? what if I want to the HTML escape is false by default for Components and all its decendents? Any elegant way? In Spring, it can be a system-wide configuration, which can be overriden on a particular page. Hope this is not too much asking. Regards. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 9:41 AM A label automatically escapes markup. It would take you about one minute to try this on an app you have. That would have saved you (and us) a lot of emails. Just give it a try. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 8:27 AM, David Chang david_q_zh...@yahoo.com wrote: Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: us...@wicket.apache.or... Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use or... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
there is no system-wide setting to disable this because doing so opens a bunch of security holes. -igor On Tue, Jul 6, 2010 at 6:30 PM, David Chang david_q_zh...@yahoo.com wrote: Jeremy, thanks for the advice, which is indeed correct. I tried it and it the default behavior for labels. I do have annother related question. I read Component API, which Label and other components inherit, and notice that it has a method: public final Component setEscapeModelStrings(boolean escapeMarkup) I further traced its source code, and it seems to me that escaping HTML is true by default for Componnent and its decedents, correct? what if I want to the HTML escape is false by default for Components and all its decendents? Any elegant way? In Spring, it can be a system-wide configuration, which can be overriden on a particular page. Hope this is not too much asking. Regards. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 9:41 AM A label automatically escapes markup. It would take you about one minute to try this on an app you have. That would have saved you (and us) a lot of emails. Just give it a try. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 8:27 AM, David Chang david_q_zh...@yahoo.com wrote: Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: us...@wicket.apache.or... Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use or... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
igor, thanks for chiming in. rgards. --- On Tue, 7/6/10, Igor Vaynberg igor.vaynb...@gmail.com wrote: From: Igor Vaynberg igor.vaynb...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 10:18 PM there is no system-wide setting to disable this because doing so opens a bunch of security holes. -igor On Tue, Jul 6, 2010 at 6:30 PM, David Chang david_q_zh...@yahoo.com wrote: Jeremy, thanks for the advice, which is indeed correct. I tried it and it the default behavior for labels. I do have annother related question. I read Component API, which Label and other components inherit, and notice that it has a method: public final Component setEscapeModelStrings(boolean escapeMarkup) I further traced its source code, and it seems to me that escaping HTML is true by default for Componnent and its decedents, correct? what if I want to the HTML escape is false by default for Components and all its decendents? Any elegant way? In Spring, it can be a system-wide configuration, which can be overriden on a particular page. Hope this is not too much asking. Regards. --- On Tue, 7/6/10, Jeremy Thomerson jer...@wickettraining.com wrote: From: Jeremy Thomerson jer...@wickettraining.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 9:41 AM A label automatically escapes markup. It would take you about one minute to try this on an app you have. That would have saved you (and us) a lot of emails. Just give it a try. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 8:27 AM, David Chang david_q_zh...@yahoo.com wrote: Can Wicket be configured to do this html escape without requiring a programmer to manually write calls to Strings#escapeMarkup? --- On Tue, 7/6/10, Pedro Santos pedros...@gmail.com wrote: From: Pedro Santos pedros...@gmail.com Subject: Re: Configure Wicket to detect some special HTML characters? To: us...@wicket.apache.or... Date: Tuesday, July 6, 2010, 8:25 AM Hi David, there are a lot of methods that escape the characters, for instance you can use or... - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Configure Wicket to detect some special HTML characters?
If someone enters scriptalert(1)/script in a wicket form's text field, can Wicket be configured to detect special characters such as angle brackets and translate them into HTML entities before sending user input to database? If yes, any pointers? Best, David - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com: If someone enters scriptalert(1)/script in a wicket form's text field, can Wicket be configured to detect special characters such as angle brackets and translate them into HTML entities before sending user input to database? If yes, any pointers? Best, David - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com: If someone enters scriptalert(1)/script in a wicket form's text field, can Wicket be configured to detect special characters such as angle brackets and translate them into HTML entities before sending user input to database? If yes, any pointers? Best, David - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure Wicket to detect some special HTML characters?
Create a custom converter. Jeremy Thomerson -- sent from my smartphone - please excuse formatting and spelling errors On Jul 6, 2010 12:16 AM, David Chang david_q_zh...@yahoo.com wrote: I dont want to save these characters into the database. --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com...
Re: Configure Wicket to detect some special HTML characters?
I dont want to save these characters into the database. Why not? Why are you inputting data that you don't want to put into database? ** Martin --- On Tue, 7/6/10, Martin Makundi martin.maku...@koodaripalvelut.com wrote: From: Martin Makundi martin.maku...@koodaripalvelut.com Subject: Re: Configure Wicket to detect some special HTML characters? To: users@wicket.apache.org Date: Tuesday, July 6, 2010, 1:09 AM Why would you want to do that? ** Martin 2010/7/6 David Chang david_q_zh...@yahoo.com: If someone enters scriptalert(1)/script in a wicket form's text field, can Wicket be configured to detect special characters such as angle brackets and translate them into HTML entities before sending user input to database? If yes, any pointers? Best, David - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org