如何将字符串作为HTML代码从Java文件读取到JSP页面?
[英]How to read a string as an HTML code from a Java file to a JSP page?
问题描述
I am creating a simple web application program (uses JSP) wherein users can add, update, and delete an employee record. 
我正在创建一个简单的Web应用程序(使用JSP),用户可以在其中添加,更新和删除员工记录。 In adding a new record, user is not allowed to enter null values of last and given names. 在添加新记录时,不允许用户输入姓氏和给定名称的空值。 An error message will be displayed if user attempts to add record with a null value. 如果用户尝试添加具有空值的记录,将显示一条错误消息。 Error messages are generated from String in a Java file (action). 错误消息是从Java文件中的String生成的(操作)。 However, the String contains HTML tags. 但是,字符串包含HTML标记。 They are not read as an HTML code, but as HTML entities. 它们不是作为HTML代码读取,而是作为HTML实体读取。
Here is the method from my action Java file, which generates the error message: 这是我的操作Java文件中的方法,该方法生成错误消息:
final static String SUCCESS_MSG = "New record has been added successfully.";
final static String ERROR_MSG = "Not valid. ";
public String addEmployee() throws Exception
{
logger.info("addEmployee method called");
if (!this.employee.getLastname().isEmpty()
&& !this.employee.getFirstname().isEmpty())
{
this.employeeManager.addEmployee(this.employee);
addActionMessage(SUCCESS_MSG);
return SUCCESS;
}
else
{
addActionError(ERROR_MSG + (this.employee.getFirstname().isEmpty() ? "<b>First name</b>" :
this.employee.getLastname().isEmpty() ? "<b>Last name</b>" :
"<b>First</b> and <b>last names</b>") + " is null.");
return ERROR;
}
}
Here is from my JSP file, where the messages will be displayed: 这是我的JSP文件中显示消息的位置:
<s:if test="hasActionMessages()">
<div class="alert alert-success" role="alert">
<span class="glyphicon glyphicon-ok"></span>
<s:actionmessage />
</div>
</s:if>
<s:if test="hasActionErrors()">
<div class="alert alert-danger" role="alert">
<span class="glyphicon glyphicon-remove"></span>
<s:actionerror />
</div>
</s:if>
And here is the output: view image here . 这是输出: 在此处查看图像 。
I checked the HTML source code. 我检查了HTML源代码。 Less and greater than in the HTML tags were converted to HTML entities. 少于和大于HTML标记被转换为HTML实体。
<ul class="errorMessage">
<li><span>Not valid. <b>First name</b></span>
</li>
</ul>
1 个解决方案
解决方案1
0 已采纳 2014-11-20 03:02:34
This is actually the desired behaviour. 这实际上是期望的行为。 Inserted text is inherently untrustworthy as it my contain user supplied markup/javascript that will break your layout, or worse, insert cross-site scripting and other undesirable behaviour. 插入的文本本质上是不可信的,因为它包含用户提供的标记/ javascript,这会破坏您的布局,或者更糟的是,插入跨站点脚本和其他不良行为。
You shouldn't be embedding html into your code like that. 您不应该那样将html嵌入代码中。 It would be better to have the message stored in a separate property file and have the case specific value inserted at runtime. 最好将消息存储在单独的属性文件中,并在运行时插入区分大小写的值。 For example, the property file would have: 例如,属性文件将具有:
invalid.name=Not valid. {0}
The name would be inserted at runtime. 该名称将在运行时插入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.