Encoding for a text area

Mat Jaggard

Aug 1, 2012, 9:57:13 AM
to cambridge...@googlegroups.com
I have a template which contains

<textarea ...>${contents}</textarea>

However I'm finding that any newlines have a <br/> added. How do I
prevent this but still encode characters like "<" so that the page
can't be hacked?

Erdinc Yilmazel

Aug 1, 2012, 10:21:00 AM
to cambridge...@googlegroups.com
Interesting, I don't remember converting new line characters to <br/> tags in the Escape filter but apparently I am doing so: https://github.com/erdincyilmazel/Cambridge/blob/master/cambridge-core/src/main/java/cambridge/runtime/EscapeFilter.java

I don't think this should be done by default. I can work on a patch sometime today and make this behavior optional.

What do other people think about this possible change?

Erdinc

Mat Jaggard

Aug 1, 2012, 10:44:58 AM
to cambridge...@googlegroups.com
Just as an FYI, since I'm using Commons Lang in other places, I've
changed to doing the encoding in my Java code using
org.apache.commons.lang3.StringEscapeUtils.escapeHtml4() which also
encodes other HTML entities in addition to &quot;, &amp;, &lt;, &gt;
and &#xxxx;

Mat.

Erdinc Yilmazel

Aug 1, 2012, 11:11:14 AM
to cambridge...@googlegroups.com
Yeah, that probably is a better alternative to the built-in escape logic in Cambridge. I want to keep the external dependencies of Cambridge to a minimum, so I didn't use any libraries like Apache Commons for core functionality.
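
Added example, not part of the thread and not Cambridge's EscapeFilter code: a small Java escaper in which newline conversion is an explicit option, so the same routine can serve textarea content (line breaks kept, a closing </textarea> in the data neutralised) and block content (line breaks rendered as <br/>). The class name, method name and convertNewlines flag are hypothetical, and the sample input is constructed.

```java
public final class HtmlEscapeDemo {

    /**
     * Escapes HTML metacharacters. convertNewlines is a hypothetical option:
     * true emits <br/> for each line break (for use inside <p> or <div>),
     * false leaves line breaks untouched (needed inside <textarea>, where
     * an inserted <br/> would be shown as literal text).
     */
    static String escape(String input, boolean convertNewlines) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break; // blocks </textarea> breakout
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '\r':
                    if (convertNewlines) {
                        // Treat \r\n as a single line break.
                        if (i + 1 < input.length() && input.charAt(i + 1) == '\n') {
                            i++;
                        }
                        out.append("<br/>");
                    } else {
                        out.append(c);
                    }
                    break;
                case '\n':
                    out.append(convertNewlines ? "<br/>" : "\n");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: two lines plus markup that tries to close the textarea.
        String contents = "line one\nline two </textarea><b>x</b>";

        // Textarea context: markup neutralised, line break preserved as-is.
        System.out.println("<textarea>" + escape(contents, false) + "</textarea>");

        // Block context: same escaping, line break rendered as <br/>.
        System.out.println("<p>" + escape(contents, true) + "</p>");
    }
}
```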