Not 100% certain, but, I believe the default for the HTML form property tags was to *not* filter (i.e., filter="false") in Struts 1.0 and that was changed to default to do filtering (i.e., filter="true") in Struts 1.1. I am certain that the default for 1.1 is to do filtering.
Original post did not say which version of Struts was being used. If my recollection of 1.0 behavior is correct, then that could explain the difference in behavior described here for similar JSP logic. In that case, you simply need to explicitly set filtering on in all your Struts 1.0 <html:xxx> form property tags. The filter utility function (can't recall from memory the class name/package, but, check the source for the <html:xxx> tags to find where it is defined in Struts sources) converts the quote character and less-than and greater-than characters to their character entity equivalents. FYI, Van Mike Van Riper mailto:[EMAIL PROTECTED] http://www.baychi.org/bof/struts/ > -----Original Message----- > From: Adam Hardy [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 18, 2003 4:38 AM > To: Struts Users Mailing List > Subject: Re: Evil characters causing mischief in textarea and value > attribute contents > > > Hi Andrew, > I thought, man, you don't know that? Hahaha - and then I realised I > don't know either. > > I just checked my app to make sure it's not happening to me too, and > it's not. I have stuff like ""snowflake"" in the database and it gets > encoded automatically into > > value="a html-busting "character"" > > via <html:text>. Presumably <html:textarea> is the same. > > If you have <bean:write> you can add filter="true". > > > Adam > > On 09/18/2003 12:36 PM Andrew Hill wrote: > > We have some screens that allow users to edit some stuff > stored in the db, > > and some of this stuff includes such characters as " or \ > or whatever, and > > also some of them have xml tags as there contents. > > > > When rendering such fields we are hitting some problems. > > ie: if the value is something like: > > my cats name is "snowflake" > > > > we end up with: > > <input name="fieldname" value="my cats name is ""snowflake""/> > > > > ...which of course is not very good. > > > > Another one is textareas containing </textarea>! > > > > Whats the technique for handling this nicely? > > Obviously I need to escape these somehow. What do I need to > consider? > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > struts 1.1 + tomcat 4.1.27 + java 1.4.2 > Linux 2.4.20 RH9 > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
