I assume any HTML-type tags that may be included in the text, you would want rendered as visible HTML tags in the browser. So use an HTML encoding method. There doesn't seem to be a JRE standard for this, so something like this will do it:

    public static String HTMLEncode( String unenc )
    {
        // '&' comes first so the entities written for the later tokens are not re-encoded.
        final String[] tokens = new String[] {"&", "<", ">", "\"", "'"};
        final String[] replacement = new String[] {"&amp;", "&lt;", "&gt;", "&quot;", "&#39;"};
        StringBuffer sb = new StringBuffer(unenc);
        for(int i = 0; i<tokens.length; i++)
        {
            int idx = 0;
            while((idx = sb.indexOf(tokens[i], idx)) != -1)
            {
                sb.replace(idx, idx + tokens[i].length(), replacement[i]);
                // Continue the search after the entity that was just inserted.
                idx += replacement[i].length();
            }
        }
        return sb.toString();
    }

> -----Original Message-----
> From: Mufaddal Khumri [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 31, 2003 4:51 AM
> To: Tomcat Users List
> Subject: Suggestions ?
>
>
> Hi,
>
> Am using tomcat 4.1.24.
>
> Have a XYZ.jsp with a form on it to take data from the user. Once the user
> clicks submit the data is stored in the database and the data that the
> user entered is shown to him on ABC.jsp.
>
> The problem is that the user can enter anything in the text field and
> text area of the form on XYZ.jsp. For example in the description text
> area he or she might enter - text, an http url, maybe html tags etc.
> Now when I grab this data from the form and store it to the database it
> works fine, but when I grab the data from the database and render it on
> ABC.jsp it gets messed up because the html tags in the data interfere
> with the html of the page. Is there a way in tomcat to escape such
> characters or are there java methods that I could use to pass this
> string through that would do the escaping for me ?
>
> Thanks.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
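
An added example, not part of the original thread: a single-pass version of the encoding discussed above, shown next to a sequential replace that handles `&` last, to make the double-encoding failure visible. The class name, method names and sample description are assumptions made up for this illustration.

```java
// Added example; HtmlEscapeDemo, escapeHtml and ampersandLast are hypothetical names.
public class HtmlEscapeDemo {

    // Single pass: each source character is examined exactly once, so text
    // produced by an earlier substitution can never be encoded a second time.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // For contrast: sequential replace with '&' handled last. The '&' that starts
    // "&lt;" is encoded again, so the browser displays the text "&lt;" literally.
    static String ampersandLast(String s) {
        return s.replace("<", "&lt;").replace(">", "&gt;").replace("&", "&amp;");
    }

    public static void main(String[] args) {
        // Constructed sample of what a user might type into the description field.
        String stored = "<b>sale</b> see http://example.com/?a=1&b=2 \"now\"";
        String safe = escapeHtml(stored);
        System.out.println(safe);
        System.out.println(ampersandLast(stored));

        String expected =
            "&lt;b&gt;sale&lt;/b&gt; see http://example.com/?a=1&amp;b=2 &quot;now&quot;";
        if (!safe.equals(expected)) {
            throw new AssertionError("unexpected encoding: " + safe);
        }
        if (!ampersandLast("<").equals("&amp;lt;")) {
            throw new AssertionError("expected the double-encoded form");
        }
    }
}
```

Calling the encoder at the point where ABC.jsp writes the value into the page, rather than before the insert, leaves the database holding the text exactly as the user typed it.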