In my grails application I need to set html tags to the session. For example
session.setAttribute("message","<font color=\"green\">Successfully Processed</font>")
but when I am fetching the value from the GSP (like ${session.message}) the opening and closing tags get changed to <
So the whole text gets printed as such. Why?
This is due to encoding. The documentation explains the details and why. In your case you want to use raw like this:
${raw(session.message)}
Related
I hope you get my problem.
out.println("<li class='has-sub'><a href='#'>" + k1.getKName() + "</a>\n");
I have a JSP and inside this java code. The result is a navigation on the left side with several categories and subcategories. So this is one category element. As you can see, I didn't put anything in the href. What I want to do is, that when I click on this category, I will get the articles of this category in the content space on the right side.
So, what do I have to do with servlets or JSPs in order to give a result to the content space. I can't just call a servlet there of course, because that means that I get the result of the servlet inside the href obviously.
I am sorry if this is a silly question, but I really don't know how to solve this :(
Further to previous comments you do not need web services. You can do this using ajax and a normal Servlet. You might want to look at using JQuery to help with the Ajax part. Here's some JQuery documentation around the load() function which will:
Load data from the server and place the returned HTML into the matched
element.
https://api.jquery.com/load/
Your link will look something like (if k1 is a bean in some scope then you can use EL rather than scriptlets):
<a href='javascript:loadData(${k1.id});'>${k1.name}</a>
Your Javascript will look something like:
function loadData(id){
var url = "/pathToMyServlet?id=" + id;
$( "#result" ).load( url );
}
which will call your Servlet and insert the HTML returned to an element on your page with the ID 'result'.
Your Servlet then needs to generate the data and forward to a simple JSP which returns the results (and only the results) i.e. it does not need to be a fully formed HTML page but should only contain the table of results or whatever.
And stop using scriptlets:
How to avoid Java code in JSP files?
I have a custom tag that has no body at all. I'm trying to programmatically replace the empty body with, for simplicity's sake,
[<c:out value="SUCCESS!"/>]
The goal is to see "[SUCCESS!]" displayed by the JSP which uses the tag, but all I see is "[]" and if I look at the generated source code, I can see that the c:out statement is written on the page between the brackets, but not interpreted.
Is there a common way to achieve this ? The final goal will be to use other custom tags instead of the "c:out" tag. The tags/content will come from a database.
I tried different techniques with SimpleTagSupport and BodyTagSupport but none of those were successfull. In fact I'm not sure if it is technically possible to do it, since, the tag has already been interpreted at that time.. But then how should this be done ?
Server tags (like your custom tag or JSTL tags) get transformed to Java code when the JSP is translated into a servlet. For example, the following JSP code:
<c:out value="FooBar" />
gets translated to something like this inside the servlet:
....
OutTag outTag = (OutTag) tagHandlerPool.get(OutTag.class);
outTag.setPageContext(pageContext);
outTag.setParent(null);
outTag.setValue(new String("FooBar"));
int evalOut = outTag.doStartTag();
....
In your custom tags you can call other Java classes/methods and can write HTML code (not JSP code) to the response.
The [<c:out value="SUCCESS!"/>] is not interpreted because at this level it's just a string that gets written directly to the response.
I'm developing an Java Web Application, I used some jQuery and a REST web services that output an JSON object with a list of Javascript objects using AJAX. All is ok but when I try to fill a table created with Javascript using jQuery.html() to a valid div, all hell broke loose in Chrome, including this
Error: INVALID_STATE_ERR: DOM Exception 11
in the Javascript console.
The problem is like this, try this in chrome Javascript console:
$('#ValidadorWrapper').html("<div>AMOXICILIN 100 C&psulapsula</div>");
But if we delete the ampersand, it works
$('#ValidadorWrapper').html("<div>AMOXICILIN 100 Camp;psulapsula</div>");
This problem happens only in Chrome, I suspect it has something to do with the encoding characters but I cant' find any way of doing it. Obviously I need to input an & ( i mean the & entity) in this document.
Some steps I have tried and didn't work:
I'm using the gson library to output a String to an JSP page. My JSP page have this header <%#page pageEncoding= "UTF-8" contentType="text/html; charset=UTF-8" %> . This was my first attempt and didn't work when an ampersand appeared in my JSON object (well any special char).
My second attempt was using the HTMLEntities Java library to encode all special chars. This is the actual version and it still doesn't work
Using unicode chars like \u0026 doesnt work either
There is something more strange. Apparently if I use $('#ValidadorWrapper').html("AMOXICILIN 100 \u0026"); it works!, but this is just an example. I'm trying to fill an HTML table with my object so I really need to put that data inside html (table) tags
Try this:
$('<div></div>').appendTo('#ValidadorWrapper').text('AMOXICILIN 100 Cápsulapsula');
I have a small webapp which handles a lot of Spanish text.
At one point in the code, a JSP page responds with a Json String containing some of this text. If I print the String to the Console, it looks like jibberish. But if I examine the header/content of the response in Chrome Developer Tools, it looks correct. It is transferred in the correct encoding. This part of the webapp functions as expected.
At another point in the code, a different JSP page responds with HTML. Some of this HTML contains more of the Spanish text. This time, the text is transferred (and displayed) as jibberish.
What are potential reasons that this could be happening? Both times, I'm just printing the text using out.print. Why does it work at one point, but not in other?
Examples:
// In a file who's only output is the json string
String jsonString = ...
System.err.println(jsonString); // prints jibberish
out.println(jsonString); // looks correct when the response is viewed in Chrome Developer tools, and looks correct in a browser
...
// In a file who's output is a complete html page
String spanishText = ...
out.println("<label>" + spanishText + "</label>"); // looks like jibberish when the response is viewed in Chrome developer tools, and shows up as jibberish in a browser
You need to set the encoding which the JSP/Servlet response should use to print the characters and instruct the webbrowser to use the same encoding.
This can be done by putting this in top of your JSP:
<%# page pageEncoding="UTF-8" %>
Or if you're actually doing this in a Servlet:
response.setCharacterEncoding("UTF-8");
The "jibberish" when using System.err is a different problem. You need to set the encoding of the console/logfile which is been used to print this information to. If it's for example Eclipse, then you can set it by Window > Preferences > General > Workspace > Text File Encoding.
See also:
Unicode - How to get the characters right? - Fixing JSP/Servlet response
Unicode - How to get the characters right? - Fixing development environment
Morning all,
It early Monday morning and I'm struggling to understand why the followng line works in IE and not in FF.
<a class="button" href="#" onclick="setMaintenanceMode(false);">disable</a>
In both IE and FF the URL when you hover over the button is...
http://localhost:8080/mainapp/secure/gotoDevice.action?hardwareId=1&storeCode=2571#
When the button is clicked, the following method is called...
function setMaintenanceMode(enabled) {
var url = '<s:url action="secure/setMaintenanceMode"/>' + '&ModeEnabled=' + enabled;
document.location.href = url;
}
The URL that docuement is sent to is (in both browsers)...
/mainapp/secure/gotoDevice.action?hardwareId=1&storeCode=2571&ModeEnabled=false
The problem is that in IE the method on the struts action 'setSetCode()' is called, but from FF its not! If I remove the hash ahref above FF works, but IE doesn't (href="#").
I've tried changing the '&ModeEnabled=' to '&ModeEnabled=', but no success.
I've looked on google and the struts forum, but no success.
I'm tempted to rip out all the ahref's and replace them with Dojo buttons and see if that works, but before I do, I just wondered if anyone could shead some light on why.
My guess is that ahref is the wrong thing to use, but why?
If anyone could help me understand why though it would be appreciated.
Thanks
Jeff Porter
EDIT: The return false is part of the solution. The problem seems to be that the url..
/mainApp/secure/setMaintenanceMode.action?hardwareId=5&storeCode=2571&ModeEnabled=true
has the & inside it, if I go to this url as it is, then it works in IE, but not in FF.
if I change both to be & then it works in IE & FF.
if I change both to be & then it still works in IE but not FF.
Any ideas?
Note:
Seems that struts 2.0.9 does not support the property escapeAmp on the <s:url tag:
By default request parameters will be separated using escaped ampersands (i.e., &). This is necessary for XHTML compliance, however, when using the URL generated by this tag with the <s:property> tag, the escapeAmp attribute should be used to disable ampersand escaping.
soultion: return false on the onclick and upgrade to new struts + set escapeAmp param.
else, url = url.replace("&", "&");.
Try returning false from the javascript method
function setMaintenanceMode(enabled) {
var url = '<s:url action="secure/setMaintenanceMode"/>' + '&ModeEnabled=' + enabled;
document.location.href = url;
return false;
}
<a class="button" href="#" onclick="return setMaintenanceMode(false);">disable</a>
This should stop the javascript onclick event reaching the browser.
onclick="setMaintenanceMode(false); return false;"
The onclick is working, but then the href does immediately, as well. You need to return false from the click handler to signal that href should not be followed.
IE likely guesses at what you mean, and does the wrong thing.
the URL has the & inside it, if I go to this url as it is, then it works in IE, but not in FF.
I doubt it – it shouldn't work in either. It's not browser-dependent, but server-dependent.
The string a=b&c=d is split into parameters by the server framework. Servlet requires that only & be used to separate parameters, so it will return a=b and amp;c=d. The latter parameter obviously won't be recognised by the application which is expecting c.
The HTML specification for various reasons strongly recommends that ; also be allowed as a separator, in which case you'd get a=b, a stray amp which without an equals sign would be meaningless and discarded, and c=d. So despite the mis-encoding of the ampersand it would still work. Unfortunately, Servlet ignores this recommendation.
By default request parameters will be separated using escaped ampersands (i.e., &).
Oh dear! How unfortunate. You shouldn't escape ampersands at the point of joining parameters into a URL. You should simply join the parameters with a single ampersand, and then, if you need to put the finished URL into an attribute value of text content, HTML-encode the entire URL. Struts's default behaviour is simply wrong here.
In your case you are not outputting the URL to an attribute value or text content, you're writing it into a string literal in a script block:
var url = '<s:url action="secure/setMaintenanceMode"/>' + '&ModeEnabled=' + enabled;
In a script block in old-school HTML, HTML-escaping does not apply. (In XHTML in native XML it does, but let's not think about that yet.)
However, you still do need to think about JavaScript escapes. For example what if there were an apostrophe in the setMaintenanceMode link? It would break the string. Or if somehow you had a </ sequence in the string it'd break the entire script block.
What you really want to be doing is making the URL (without any ampersand-escaping), and then use a JavaScript string literal backslash-escape on it. Best would be to use an existing JSON encoder which will turn any Java value into a JavaScript literal, putting the surrounding quotes in for you too if it's a string. You can also on most JSON encoders tell it to JS-escape the < and & characters, which means not having to worry about XHTML parsing if you decided to serve the page as XML in the future.
I'm tempted to rip out all the ahref's and replace them with buttons
Well certainly if you have a thing you click on that isn't a link to another location, but simply does something to the page via script, then that's not a link really, and you'd be much better off marking it up as a <button> or <input type="button">, and using CSS to restyle it not to look like a button if you don't want it to.
However (again), this all seems rather pointless, as at the moment you are replacing the behaviour of a link with behaviour that just like a link only not as flexible. What's wrong with simply:?
disable