I do see Dale's point now about the security risk.
I'd generally agree with Dave that using a static method is basically the
same as a scriptlet. However, in this case I can't say it really belongs in
my bean. It's really more of a formatting issue. I'd hate to have my bean
have two getters f
Another issue, a more stylistic one, is that using
methods like this is barely better than scriptlets.
Some would argue that this type of work belongs on the
server side, especially if you're working with
non-programming designers (although some can be
trained to use a set of well-defined static me
chengas123 wrote:
Ahh, yes, that was my problem. I'm afraid I wasn't expecting that. I don't
really see how allowing static method access presents a security problem. Am
I opening myself up to any obvious risks by turning this on?
If someone submits a value in a form that you mirror back to
Ahh, yes, that was my problem. I'm afraid I wasn't expecting that. I don't
really see how allowing static method access presents a security problem. Am
I opening myself up to any obvious risks by turning this on?
Thanks,
Ben
DNewfield wrote:
>
>
> Have you turned off this capability (or r
day, November 13, 2007 6:55 PM
Subject: Re: [struts] Escaping Characters in Struts Property Tag
>
> That is basically what I had been trying all along. Am I doing anything
> wrong?
> returns what I am expecting.
> returns what I am expecting.
>
value="@[EMAIL PROT
chengas123 wrote:
returns what I am expecting.
returns nothing.
Have you turned off this capability (or rather not turned it back on)?
struts.ognl.allowStaticMethodAccess
https://issues.apache.org/struts/browse/WW-2160
Does:
value='[EMAIL PROTECTED]@escapeJavaScript("hello
world")}'/>
work
Yes. That's definitely not the problem. It's on my classpath, etc. I was
originally trying this same thing with a custom String util class that I
wrote and that did not work either. I should mention that I am using Struts
2.1.1. If I am doing this correctly, then perhaps it's a bug?
-Ben
chengas123 wrote:
returns what I am expecting.
returns nothing.
Do you have a commons-lang jar in your WEB-INF/lib?
http://commons.apache.org/lang/
-Dale
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
That is basically what I had been trying all along. Am I doing anything
wrong?
returns what I am expecting.
returns what I am expecting.
returns nothing.
returns nothing.
Thanks,
Ben
newton.dave wrote:
>
> --- chengas123 <[EMAIL PROTECTED]> wrote:
>> That brings me back to my original qu
chengas123 wrote:
Thanks. I will be sure to look at that.
That brings me back to my original question though which is how do I call
that from within the property tag?
value="[EMAIL PROTECTED]@escapeJavascript(ognlExpr)}"/>
-Dale
--- chengas123 <[EMAIL PROTECTED]> wrote:
> That brings me back to my original question though
> which is how do I call that from within the property
tag?
http://struts.apache.org/2.x/docs/ognl-basics.html
See the section called "Accessing static properties".
Nutshell:
d.
--
Thanks. I will be sure to look at that.
That brings me back to my original question though which is how do I call
that from within the property tag?
-Ben
DNewfield wrote:
>
> chengas123 wrote:
>> I think escaping would still be best for me
>
> Then you're looking for:
>
> org.apache.comm
chengas123 wrote:
I think escaping would still be best for me
Then you're looking for:
org.apache.commons.lang.StringEscapeUtils.escapeJavaScript()
-Dale
Ahh, I'm afraid I'd missed that you reversed the order of the quotation
marks. I was not aware that could be done. However, what I'm actually
doing is putting the value into an onclick attribute. I'm not sure I can
use this trick because then I end up with something like
onClick="myFunction('te
Escape is true by default. It escapes HTML characters such as < and > and
not single quotes.
-Ben
Wes Wannemacher wrote:
>
> what about ''
>
> -Wes
>
>
--
View this message in context:
http://www.nabble.com/Escaping-Characters-in-Struts-Property-Tag-tf4799846.html#a13733962
Sent from
chengas123 wrote:
That does not escape the single quote.
Correct. But I believe the following is valid ECMAScript (without the
single quote being escaped):
var testValue = "You've got to be kidding!";
-Dale
what about ''
-Wes
On 11/13/07, chengas123 <[EMAIL PROTECTED]> wrote:
>
> That does not escape the single quote.
>
> -Ben
>
>
>
> DNewfield wrote:
> >
> > chengas123 wrote:
> >> var testValue = '';
> >>
> >> However, this does not work if the value has a single quote in it
> >
> > Try:
> > var te
That does not escape the single quote.
-Ben
DNewfield wrote:
>
> chengas123 wrote:
>> var testValue = '';
>>
>> However, this does not work if the value has a single quote in it
>
> Try:
> var testValue = "";
>
> -Dale
>
>
chengas123 wrote:
var testValue = '';
However, this does not work if the value has a single quote in it
Try:
var testValue = "";
-Dale