In a Java application I have HTML, as a String, that looks like this:
<DIV STYLE="font-family:"Times New Roman"">
And I wish to decode the encoded quotes so that it is correctly displayed on the page. The problem is that conventional StringEscapeUtils escape methods will decode each quote as a double quote, resulting in HTML like this:
<DIV STYLE="font-family:"Times New Roman"">
Which will not correctly render on the page. The desired result is for the HTML to look like this:
<DIV STYLE='font-family:"Times New Roman"'>
I can algorithmically examine the string to replace the encoded quotes to what I want but is there a dedicated method to correctly decode quotes for such a String?
If it is defined in your java code
you may try to add \ before "
I assume you are expecting something like this right?
String randomHtmlCode = " <DIV STYLE='font-family:\"Times New Roman\"'> ";
Related
So we are storing html in out data model. I need to output this into a freemarker template:
example:
[#assign value = model.value!]
${value}
value = '<p>This is <a href='somelink'>Some link</a></p>'
I have tried [#noescape] but it throws an error saying there is no escape block. see FREEMARKER: avoid escaping HTML chars. This solution did not work for me.
[#noescape] or <#noescape> is only valid when used inside an [#escape] tag. Your data is probably stored with the HTML encoded. You need to get the backend to un-encode the html.
Otherwise you'll need to do something like...
${value?replace(">", ">")?replace("<", "<")}
But that isn't a good approach because it won't catch all the encoded values and shouldn't be done in the view layer.
I'm using Thymeleaf to process html templates, I understood how to append inline strings from my controller, but now I want to append a fragment of HTML code into the page.
For example, lets stay that I have this in my Java application:
String n="<span><i class=\"icon-leaf\"></i>"+str+"</span> \n";
final WebContext ctx = new WebContext(request, response,
servletContext, request.getLocale());
ctx.setVariable("n", n);
What do I need to write in the HTML page so that it would be replaced by the value of the n variable and be processed as HTML code instead of it being encoded as text?
You can use th:utext attribute that stands for unescaped text (see documentation). Use this with caution and avoid user input in th:utext as it can cause security problems.
<div th:remove="tag" th:utext="${n}"></div>
If you want short-hand syntax you can use following:
[(${variable})]
Escaped short-hand syntax is
[[${variable}]]
but if you change inner square brackets [ with regular ( ones HTML is not escaped.
Example within tags:
<div>
[(${variable})]
</div>
Staring with Thymeleaf 3.0 the html friendly tag would be:
<div class="mailbox-read-message" data-th-utext="*{body}">
I have an arbitrary large HTML string with incorrectly escaped attribute values. I would like to get the full HTML string with properly escaped attribute values. I would like to do this in Java.
For example, given this incorrectly escaped HTML tag:
<p name="Chalupa "Batman" McArthur">Chalupa "Batman" McArthur</p>
I want this output:
<p name="Chalupa "Batman" McArthur">Chalupa "Batman" McArthur</p>
StringEscapeUtils.escapeHtml() or replaceAll() replaces all invalid HTML characters like this:
<p name="Chalupa "Batman" McArthur">Chalupa "Batman" McArthur</p>
I want the characters within attribute values escaped properly, but the rest of the HTML left alone so it can properly be processed by a browser. Is there a java library that can handle this issue?
We are using Jsoup to parse, manipulate and extend a html template. So far everything works fine until it comes to single quotes used in combination with HTML attributes
<span data-attr='JSON'></span>
That HTML snippet is converted to
<span data-attr="JSON"></span>
which will conflict with the inner json data which is specified as valid with double quotes only
{"param" : "value"} //valid
{'param' : 'value'} //invalid
so we need to force Jsoup to NOT change those single quotes to double quotes, but how? Currently that is our code to parse and produce html content.
pageTemplate = Jsoup.parse(new File(mainTemplateFilePath), "UTF-8");
pageTemplate.outputSettings().escapeMode(Entities.EscapeMode.xhtml);
pageTemplate.outputSettings().charset("UTF-8");
... adding some html
pageTemplate.html(); // will output the double quoted attributes :(
You need to HTML encode the JSON value before putting it into the data-attr attribute. When you do so, you should end up with this:
<span data-attr="{"param":"value"}"></span>
Although that looks fairly daunting, it is actually valid HTML. When your corresponding JavaScript executes someSpan.getAttribute("data-attr"), the " values will be transformed into " values automatically, giving you access to the original valid JSON string.
I am trying to display some images containing special characters like ☻ ☺ ♥ or Chinese or Arabic characters in their names using jsp...but the images are not getting displayed !!
<img src = "pipo².jpg" />
<img src = "pip☺☻♥o².jpg" />
What am I doing wrong !!
Try encoding the filename using URLEncoder.encode() method before the HTML is sent to the page, e.g.
String encodedString = URLEncoder.encode(filename, "UTF-8").
This will convert the characters to entities which can be passed in HTML.
you can percent encode the urls using encodeURIComponent in javascript to give you
<img src="pip%C3%A2%C2%98%C2%BA%C3%A2%C2%98%C2%BB%C3%A2%C2%99%C2%A5o%C3%82%C2%B2.jpg">
I'd recommend renaming your files.
Using special characters in src paths is not strictly allowed, you'd have to find the URL style escape codes for those characters.