3.10. Filtering Text Input
Problem
You want to render data containing HTML tags, and you want that data to be interpreted and processed by the browser as HTML markup.
Solution
This is about as simple as it gets:
<bean:write name="myForm" property="freeText" filtered="false"/>
You can allow unfiltered values when using JSTL:
<c:out value="${myForm.freeText}" escapeXml="false"/>Discussion
When you use the Struts
bean:write tag to
generate text, by default any special characters sensitive to HTML
processing are replaced with their entity equivalents. For example,
the greater than character (>) is replaced with
the > character entity. This feature is
known as response filtering and is enabled by default. In most cases,
the filtering is desired, as an unfiltered response can be
misinterpreted by the browser. Table 3-4 shows the
characters and the corresponding replacement entities that are
filtered by the bean:write tag.
Table 3-4. Filtered characters
|
Character name |
Character value |
Replacement entity |
|---|---|---|
|
Less than |
|
|
|
Less than |
|
|
|
Ampersand |
|
|
|
Double quote |
" |
|
|
Backslash |
|
|
Sometimes, however, you want rendered text to include HTML tags. Suppose you had an online journaling application that allows a user to enter text that will be displayed on a page. Allowing HTML permits the user to use tags that make text appear in bold or italics. The text could contain hyperlinks, different font sizes, and images. In other situations, your application ...