Scott Van Wart wrote:
Frank W. Zammetti wrote:
Hi Scott... have a look at the ResponseHelpers class in Java Web Parts:
http://javawebparts.sourceforge.net
More precisely:
http://javawebparts.sourceforge.net/javadocs/index.html
The encodeEntities() method should do the trick.
Ahh... that class name you mentioned made me think of a class I saw
while stepping through some code... I think
org.apache.struts.util.ResponseUtils#filter will do the trick :).
If you want to escape the user-entered data at render time (i.e. when
you display it), that's already supported by various output-related tags
(c:out, bean:write, etc.) Escaping at render time is the usual approach,
since it protects you against malicious inputs from other sources (e.g.
SQL injection, bad database imports, etc.) I'm not aware of any
'standard' facilities for doing this to the user's input at submit-time,
though; if you want to do that, the ResponseUtils.filter() method is
probably your best bet.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
