I have a problem reading a value that contains '&' from the url using java spring.
My summary.jsp file contains the following code:
`
<h3>
<fmt:message key="contact.title"/>
<c:if test="${!editMode}">
<label class="eightyfivefont">
<a class="termslink eightyfivefont"
href="?submitForm=true&
institutionName=<c:out value="${institution.institutionName}" />&
repositoryName=<c:out value="${institution.repositoryName}" />&
editMode=true">
(edit)</a>
</label>
</c:if>
</h3>
`
which produce the following url:
...summary.html?submitForm=true&institutionName=r&r&repositoryName=r&r
The problem is when I am trying to fetch the institutionName that hold the value "r&r".
when fetching the value using the following command:
String name = request.getParameter("institutionName");
it fetches only the string "r" and not "r&r".
The string is stored in XML file as "<institutionName>r&r</institutionName>" which is parsed and added using:
Document doc = DocumentHelper.createDocument();
Element root = doc.addElement("institution");
and for reading from the xml:
Document doc = DocumentHelper.parseText(xml);
Element root = doc.getRootElement();
(I assume the issue isn't with the XML).
Is there a solution for this problem?
The ampersand & is used to divide key-value pairs. If you want to have it as a value, or key, for that matter, you have to urlencode it. For example, like this:
encodeURIComponent('&') = "%26"
You should be able to use JavaScript for that. Or, of course, some Java method, if the URL is being created in the jsp itself.
You should use URLEncoder to encode the institutionName
java.net.URLEncoder.encode("r&r", "UTF-8")
this outputs the URL-encoded, which is fine as a GET parameter:
r%26r
check this answer. Create a custom EL function or otherwise you can use scriptlet though it is not recommended.
Related
So we are storing html in out data model. I need to output this into a freemarker template:
example:
[#assign value = model.value!]
${value}
value = '<p>This is <a href='somelink'>Some link</a></p>'
I have tried [#noescape] but it throws an error saying there is no escape block. see FREEMARKER: avoid escaping HTML chars. This solution did not work for me.
[#noescape] or <#noescape> is only valid when used inside an [#escape] tag. Your data is probably stored with the HTML encoded. You need to get the backend to un-encode the html.
Otherwise you'll need to do something like...
${value?replace(">", ">")?replace("<", "<")}
But that isn't a good approach because it won't catch all the encoded values and shouldn't be done in the view layer.
I'm using Thymeleaf to process html templates, I understood how to append inline strings from my controller, but now I want to append a fragment of HTML code into the page.
For example, lets stay that I have this in my Java application:
String n="<span><i class=\"icon-leaf\"></i>"+str+"</span> \n";
final WebContext ctx = new WebContext(request, response,
servletContext, request.getLocale());
ctx.setVariable("n", n);
What do I need to write in the HTML page so that it would be replaced by the value of the n variable and be processed as HTML code instead of it being encoded as text?
You can use th:utext attribute that stands for unescaped text (see documentation). Use this with caution and avoid user input in th:utext as it can cause security problems.
<div th:remove="tag" th:utext="${n}"></div>
If you want short-hand syntax you can use following:
[(${variable})]
Escaped short-hand syntax is
[[${variable}]]
but if you change inner square brackets [ with regular ( ones HTML is not escaped.
Example within tags:
<div>
[(${variable})]
</div>
Staring with Thymeleaf 3.0 the html friendly tag would be:
<div class="mailbox-read-message" data-th-utext="*{body}">
So I have the following html source:
<form action='http://example.com' method='get'>
<P>Some example text here.</P>
<input type='text' class='is-input' id='agent_name' name='deviceName' placeholder='Device Name'>
<input type='hidden' name='p' value='firefox'>
<input type='hidden' name='email' value='example#example.com'>
<input type='hidden' name='k' value='cITBk236gyd56oiY0fhk6lpuo9nt61Va'>
<p><input type='submit' class='btn-blue' style='margin-top:15px;' value='Install'></p>
</form>
Unfortunately this html source is saved as a string.
I would like to parse it using something like jsoup. and obtain the following String:
<input type='hidden' name='k' value='cITBk236gyd56oiY0fhk6lpuo9nt61Va'>
or better yet, only grab the following value: cITBk236gyd56oiY0fhk6lpuo9nt61Va
The problem I'm running into is that:
a) that value: cITBk236gyd56oiY0fhk6lpuo9nt61Va is consistently changing I cannot look for the entire html tag.
So, I am looking for a better way to do this.
Here is what I currently have that does not seem to be working:
//tried use thing, but java was angry for some reason
Jsoup.parse(myString);
// so I used this instead.
org.jsoup.nodes.Document doc = Jsoup.parse(myString);
// in this case I just tried to select the entire tag. Elements
elements = doc.select("<input name=\"k\"
value=\"cITBkdxJTFd56oiY0fhk6lUu8Owt61Va\" type=\"hidden\">");
//yeah this does not seem to work. I assume it's not a string anymorebut a document. Not sure if it
//would attempt to print anyway.
System.out.println(elements);
so I guess I can't use select, but even if this would work. I was not sure how to place select that part of the tag and place it into a new string.
You can try this way
Document doc = Jsoup.parse(myString);
Elements elements = doc.select("input[name=k]");
System.out.println(elements.attr("value"));
output:
cITBk236gyd56oiY0fhk6lpuo9nt61Va
Try this call to select to get the elements:
elements = doc.select("input[name=k][value=cITBkdxJTFd56oiY0fhk6lUu8Owt61Va]")
In this context, elements must be an Elements object. If you need to extract data from elements, you can use one of these (among others, obviously):
elements.html(); // HTML of all elements
elements.text(); // Text contents of all elements
elements.get(i).html(); // HTML of the i-th element
elements.get(i).text(); // Text contents of the i-th element
elements.get(i).attr("value"); // The contents of the "value" attribute of the i-th element
To iterate over elements, you can use any of these:
for(Element element : elements)
element.html(); // Or whatever you want
for(int i=0;i<elements.size();i++)
elements.get(i).html(); // Or whatever you want
Jsoup is an excellent library. The select method uses (lightly) modified CSS selectors for document queries. You can check the valid syntax for the method in the Jsoup javadocs.
I have to write an HTML report from a java class which contains the source code of web pages. So the problem is that as soon as the source of a web page is encountered it is thought of by the browser as being the the end of html tags on the main report page and so the output is not renderd correctly. An example is shown below :
<html>
<body>
<li>
<pre>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
The page was not found on this server.
</body>
</html>
</pre>
</li>
</body>
</html>
I want that everything inside the pre tags must be taken as normal text and not html markup. I tried replacing < with < , > with > , & with & etc.. but it doesnt seem to work. Any tips on how to make this possible?
EDIT :
This is what i tried (a is the part inside pre tags)
File aFile = new File(filename);
try {
BufferedWriter out = new BufferedWriter(new FileWriter(aFile,aFile.exists()));
a.replaceAll("<","<");a.replaceAll(">",">");a.replaceAll("\"","&;quot;");a.replaceAll("&","&");
out.write(a + "\r\n");
out.close();
}
EDIT 2:
So this correct solution involved a=a.replaceAll(...), but another thing to note is that if i replace < with > and later on i replace & with & (like i do in the above example), It will againn mess my output(< will become <). So the order must also be changed(replcae & first and then <).
In Java, String objects are immutable. That means a.replaceAll doesn’t change a but returns a new String object in which the replacement took place.
So to fix this, you need to work with the returned object instead:
a = a.replaceAll("&","&").replaceAll("<","<");
And you actually only need to replace the & and < for your specific application.
do:
a = a.replaceAll("<","<");
instead of :
a.replaceAll("<","<");
and same for others...
As replaceAll method doesn't change the string, it rather returns a new one
Well.. replaceAll may work.. However, I'll always prefer to use StingEscapeUtils as ..
a = StringEscapeUtils.escapeHtml4(a)
The sequence you post in the comment:
a.replaceAll("<","<");
a.replaceAll(">",">");
a.replaceAll("\"","&;quot;");
a.replaceAll("&","&");
won't work, since the replaceAll() method doesn't change the String it is called on. It can't, Strings are immutable in Java.
Also, as #Rishabh points out, your last replace call will mess up the previous replaces, so you need to change the order.
You need to do
a = a.replaceAll("&","&");
a = ...
Or, just do them all without saving the intermediate result:
a = a.replaceAll("&","&").replaceAll("<","<").replaceAll(">",">").replaceAll("\"","&;quot;");
Also, you should probably use the replace() method instead of replaceAll(), there is no need to use regexes in this case.
Replace this line:
a.replaceAll("<","<");a.replaceAll(">",">");a.replaceAll("\"","&;quot;");a.replaceAll("&","&");
As this:
a = a.replaceAll("<","<").replaceAll(">",">").replaceAll("\"","&;quot;").replaceAll("&","&");
We are using Jsoup to parse, manipulate and extend a html template. So far everything works fine until it comes to single quotes used in combination with HTML attributes
<span data-attr='JSON'></span>
That HTML snippet is converted to
<span data-attr="JSON"></span>
which will conflict with the inner json data which is specified as valid with double quotes only
{"param" : "value"} //valid
{'param' : 'value'} //invalid
so we need to force Jsoup to NOT change those single quotes to double quotes, but how? Currently that is our code to parse and produce html content.
pageTemplate = Jsoup.parse(new File(mainTemplateFilePath), "UTF-8");
pageTemplate.outputSettings().escapeMode(Entities.EscapeMode.xhtml);
pageTemplate.outputSettings().charset("UTF-8");
... adding some html
pageTemplate.html(); // will output the double quoted attributes :(
You need to HTML encode the JSON value before putting it into the data-attr attribute. When you do so, you should end up with this:
<span data-attr="{"param":"value"}"></span>
Although that looks fairly daunting, it is actually valid HTML. When your corresponding JavaScript executes someSpan.getAttribute("data-attr"), the " values will be transformed into " values automatically, giving you access to the original valid JSON string.