Quotes and EL

francan

In my Tomcat 6.0.20 container, I have a form value that works great
except if the user enters quotes in the form input. Anything in quotes
won't show up.
For example if they enter: Here is the "info"
The form value would only show: Here is the

Input example that won't work with quotes:
<input type="text" name="city" value="${dataBean.city}" />


If I use tick instead of quotes it works and shows anything in quotes:
<input type="text" name="city" value='${dataBean.city}' />


Please advise why this is happening and if there is an alternate
solution to this issue?
 
Tim Slattery

francan said:
In my Tomcat 6.0.20 container, I have a form value that works great
except if the user enters quotes in the form input. Anything in quotes
won't show up.
For example if they enter: Here is the "info"
The form value would only show: Here is the
Input example that won't work with quotes:
<input type="text" name="city" value="${dataBean.city}" />
If I use tick instead of quotes it works and shows anything in quotes:
<input type="text" name="city" value='${dataBean.city}' />
Please advise why this is happening and if there is an alternate
solution to this issue?

It's happening because the first quote in the dataBean.city value
terminates the field. For example, if dataBean.city contains

abc"def"gh

Then the line above will result in this HTML:

<input type="text" name="city" value="abc"def"gh" />

So the browser sees that value is abc, then there's some extraneous
garbage, which it ignores.

I haven't been able to find a way to escape quote marks within a field
like this, so I think the only way out for you is to (for example) use
double quotes in your HTML, as you're doing, then have your dataBean
change all double quotes in the value of "city" to single quote marks.
That would avoid conflicts in your HTML, though it would show your
user something that's not exactly what they entered sometimes.
 
Owen Jacobson

It's happening because the first quote in the dataBean.city value
terminates the field. For example, if dataBean.city contains

abc"def"gh

Then the line above will result in this HTML:

<input type="text" name="city" value="abc"def"gh" />

So the browser sees that value is abc, then there's some extraneous
garbage, which it ignores.

I haven't been able to find a way to escape quote marks within a field
like this, so I think the only way out for you is to (for example) use
double quotes in your HTML, as you're doing, then have your dataBean
change all double quotes in the value of "city" to single quote marks.
That would avoid conflicts in your HTML, though it would show your
user something that's not exactly what they entered sometimes.

<c:out value="${dataBean.city}" escapeXml="true" /> is your friend here.

There's no built-in way to do it in-line in an EL expression, but you
could expose the same kind of escaping as an EL function in a custom
taglib, at which point you'd also be able to write
${mytags:escape(dataBean.city)} or what have you.

-o
 
Jean-Baptiste Nizet

Owen Jacobson wrote:
On 2009-11-05 09:09:00 -0500, Tim Slattery <[email protected]> said:

<c:out value="${dataBean.city}" escapeXml="true" /> is your friend here.

There's no built-in way to do it in-line in an EL expression, but you
could expose the same kind of escaping as an EL function in a custom
taglib, at which point you'd also be able to write
${mytags:escape(dataBean.city)} or what have you.

There is one such standard function:
${fn:escapeXml(dataBean.city)}

see
http://java.sun.com/products/jsp/jstl/1.1/docs/tlddocs/fn/escapeXml.fn.html

JB.
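
The escaping recommended in the replies above, as an added example (not code from any poster): a small Java stand-in for what `<c:out escapeXml="true">` and `fn:escapeXml` do to a value, showing that raw output breaks both double-quoted and single-quoted attributes while escaped output keeps the value intact. The class name, method names and the `mixed` sample value are constructed for illustration.

```java
// Added example: stand-in for JSTL's XML escaping, applied to the thread's input tag.
public class AttributeEscapeDemo {

    // Replace the five characters that are significant in HTML/XML markup.
    // The numeric entities for the quote characters match what JSTL emits.
    static String escapeXml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build the tag the way the JSP does: quote char + value + quote char.
    static String input(char quote, String value) {
        return "<input type=\"text\" name=\"city\" value="
                + quote + value + quote + " />";
    }

    public static void main(String[] args) {
        String city = "Here is the \"info\"";     // value from the question
        String mixed = "O'Hare \"terminal 1\"";   // constructed: both quote kinds

        // Raw output: the first matching quote inside the value ends the
        // attribute, and the rest is parsed as markup instead of data.
        System.out.println(input('"', city));
        System.out.println(input('\'', mixed));   // single quotes only move the problem

        // Escaped output: the browser decodes the entities back to the
        // original characters, so the field shows exactly what was entered.
        System.out.println(input('"', escapeXml(city)));
        System.out.println(input('\'', escapeXml(mixed)));
    }
}
```

Because the same five characters are what let a value close an attribute or open a new tag, escaping at output time also keeps user-supplied text from being interpreted as markup.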
 
