
Why are the escape characters being displayed in HTML?

I need to escape some text before displaying the contents on the webpage, and this in fact is being done correctly. However, when I display the String in HTML, the escape characters are still displayed. The following is such an example:

hello there my ni&%ame is + - && !

and the respective string with escaping is the following:

hello there my ni&%ame is + - && !

I've read somewhere that the core taglib will only escape the basic ones such as >, <, ", \\t and space. However, none of these escape sequences are removed from the HTML code. Do any of you know how to solve this problem, please? Thanks.

The following is part of the code used to convert a specific character to its escape sequence:

while (character != CharacterIterator.DONE) {
    if (character == '<') {
        result.append("&lt;");
    }
    else if (character == '>') {
        result.append("&gt;");
    }
    else if (character == '&') {
        result.append("&amp;");
    } .....
return result;
}

The escaping part is done and works perfectly. The problem occurs when I try to display the string with escaped characters on an HTML page.

if (character == '<') {
    result.append("&lt;");
}
else if (character == '>') {
    result.append("&gt;");
// ...

Remove this. You don't need it. The JSTL <c:out> already does this job.

<c:out value="${someBean.someProperty}" />

Your HTML string is otherwise escaped twice. Each & becomes an &amp; again and so on. If you really need to take the escaping into your own hands (why?) then just don't use <c:out> at all:

${someBean.someProperty}

or turn off its escaping with escapeXml="false":

<c:out value="${someBean.someProperty}" escapeXml="false" />

BalusC has nailed it.

A couple of additional points:

  • If you get problems with web pages not looking right, one of the things you should do is to look at the raw HTML using your web browser's "view source" function. In this case, it would have shown the double escaping, and led to a quicker realization of what the problem was.

  • In HTML, you should only need to escape <, > and &. Other characters should work just fine provided that your HTML is encoded in UTF-8 (and the content type says so too).
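
The double escaping described in the answers above, as an added example that is not code from either post. The class and method names are hypothetical, the input string is constructed from the question's sample, and `escapeHtml` stands in for both the custom loop and the escaping that `<c:out>` applies by default.

```java
import java.util.regex.Pattern;

public class DoubleEscapeDemo {

    // Escapes the three characters handled by the loop in the question.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Simulates what a browser shows for text content: ONE round of decoding.
    // "&amp;" is decoded last so a decoded '&' cannot start a second entity.
    static String renderAsBrowser(String html) {
        return html.replace("&lt;", "<").replace("&gt;", ">").replace("&amp;", "&");
    }

    // An entity whose '&' was itself escaped is the signature of double escaping.
    // Heuristic only: a page that intentionally displays "&lt;" also matches.
    static final Pattern DOUBLE_ESCAPED =
            Pattern.compile("&amp;(?:lt|gt|amp|quot|#\\d+);");

    static boolean looksDoubleEscaped(String rawHtml) {
        return DOUBLE_ESCAPED.matcher(rawHtml).find();
    }

    public static void main(String[] args) {
        String input = "ni&%ame is + - && ! <b>";  // constructed sample
        String once  = escapeHtml(input);          // escaped a single time
        String twice = escapeHtml(once);           // custom loop, then escaped again

        System.out.println("raw HTML (once):  " + once);
        System.out.println("raw HTML (twice): " + twice);
        System.out.println("shown (once):     " + renderAsBrowser(once));
        System.out.println("shown (twice):    " + renderAsBrowser(twice));

        // Escaped once, the reader sees the original text; escaped twice,
        // the reader sees the entities themselves.
        if (!renderAsBrowser(once).equals(input)) throw new AssertionError("single escape");
        if (!renderAsBrowser(twice).equals(once)) throw new AssertionError("double escape");
        if (looksDoubleEscaped(once) || !looksDoubleEscaped(twice))
            throw new AssertionError("detector");
    }
}
```

`looksDoubleEscaped` can be run over rendered page output in a test to automate the "view source" check from the second answer.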
