On 7/15/02 1:38 PM, "Jon Scott Stevens" <[EMAIL PROTECTED]> wrote:
> on 7/15/02 6:43 AM, "Ed Yu" <[EMAIL PROTECTED]> wrote: > >> I'm looking into JSP migration to Velocity. There is one feature that >> the <bean:write ... filter="true"> tag offer, the ability to filer >> special html characters (<, >, &, etc...). Currently is there a "tool" >> to perform such filtering? > > Even better than Geir's suggestion (which is terribly not MVC I'll beg to differ. I think that this is just fine MVC as this is a view issue - if the data is to be XML encoded vs URL encoded vs translated to spanish vs translated to Klingon vs... That, to me, is a view thing. Otherwise you have to teach your model about presentation. > and prone to > mistakes...what if you forget to filter some user supplied data? You then > have a cross site scripting hole) This I agree with 100% :) >...is to write a ReferenceInsertionFilter > to do what you want... > > <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/ut > il/ReferenceInsertionFilter.java?rev=1.11&content-type=text/x-cvsweb-markup> > And yes, for the non-lazy that want to do it right, this is great. -- Geir Magnusson Jr. Research & Development, Adeptra Inc. [EMAIL PROTECTED] +1-203-247-1713 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
