3.6. Filtering Strings for HTML-Specific Characters
Normally, when a servlet wants to generate HTML that will contain characters like < or >, it simply uses < or >, the standard HTML character entities. Similarly, if a servlet wants a double quote or an ampersand to appear inside an HTML attribute value, it uses " or &. Failing to make these substitutions results in malformed HTML code, since < or > will often get interpreted as part of an HTML markup tag, a double quote in an attribute value may be interpreted as the end of the value, and ampersands are just plain illegal in attribute values. In most cases, it is easy to note the special characters and use the standard HTML replacements. However, there are two cases when it is ...
Get Core Servlets and JavaServer Pages™ now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
