I mostly do HTML/CSS/JS so i'm kind'a lost here, so no idea if this is possible the way i want it anyway, this is it:
I have this code
<html:text styleClass="span4" title="No spaces or dashes" />
I want this input to render with the attribute "placeholder". How can i go about this?
Thanks in advance!
If struts doesn't provide then you could inject it using jQuery if you need it
$("#idOfInputText").attr('placeholder', 'some text')
you can supply id using styleId attribute of struts's tag
Related
How can we implement ESAPI output encoding in an application using java and spring-mvc.
Read many posts and saw this:
<%# page import="org.owasp.esapi.*" %>
<input type="hidden" name="hidden" value="<%out.print(ESAPI.encoder().encodeForHTML(content));%>"/>
But, in my application all the jsps use spring form tags like the following,
<td>Number:
<form:input path="someNo" size="20" maxlength="18" id="firstfield" onkeypress="return PressAButton('submithidden');"/></td>
How can I have ESAPI implementation for above code? is there any other way of implementing output encoding like creating a filter or something? Any suggestions are greatly appreciated!
After researching spring tags a bit, it appears that the data-binding happens in framework code thus preventing you from applying any escaping in the jsp.
One, semi-quick win could be defaulting all output to escape HTML. Add this entry in web.xml:
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
The only problem here is that output-escaping is a BIG pain... the rules for html escaping are different when your value is going to be passed as data to an HTML attribute or a Javascript function. And there could be some parts of your application where you DO NOT want to html escape, but you should be able to override those with the form tag attribute htmlEscape="false" when you need to.
What you need is to be able to hook the part of Spring tags where it is binding the HTML to the form, but you need to be able to do it so you can escape based on where its being placed. Escaping rules are different for an HTMLAttribute as opposed to plain HTML and if the value is going to be passed as data to a javascript function. So Spring's solution only defends one category of attack.
These are the only ways out I see, all of them will require work:
Use JSTL tags instead of Spring tags so you can write your variables with ${thisSyntax} and wrap them in esapi tags like this:
<c:out value="<esapi:encodeForHTML>${variable}</esapi:encodeForHTML>"/>
Follow a solution like what #A. Paul put forward, where you do your context escaping back on the controller side. I'm aware you feel that this isn't an option, but the next solution I'm putting forward is untested.
Implement your own tag library that subclasses [org.springframework.web.servlet.tags.form.InputTag][1], specifically the method writeValue. While esapi prevents alot, I would recommend looking at owasp's new Encoder project to show you exactly how tricky output encoding is. Ideally your tag library will allow you to utilize either esapi's Encoder or this new API.
Just a thought not sure if this is what you are looking for.
Can you use the below code in Java and change the data in the bean itself and then send in the user interface.
if ( ESAPI.securityConfiguration().getLogEncodingRequired() ) {
data = ESAPI.encoder().encodeForHTML(message);
}
You can check the below url.
http://www.jtmelton.com/tag/esapi/
I'm trying to use Struts framework in my project. I want to use the html:button to send parameter in the link but I don't understand how to make it.
In other words, I want to translate this line:
<input type="button" onClick="window.location.href='resum.do?action=ViewMessage&&id_message=<%= id_msg %>'" value="View"/>
to Struts taglib, something like this:
<html:button property="" onclick="window.location.href='resum.do?action=ViewMessage&&id_message=<%= id_msg %>'" value="View"></html:button>
But it didn't work.
The html:button tag is used only inside the form tag. See the docs
This tag is only valid when nested inside a form tag body.
Also set the property attribute.
I haven't touched Struts2 in a couple of years and have to do some maintenance on some JSP pages. But I can't figure out the proper syntax to pass the output from an <s:Action> tag to an <s:url> tag.
I'd like to do the following:
<s:action name="loadPath" namespace="/files" flush="false" var="filePath" />
<s:url value="#filePath.path"/>
But that does not work. However, I can see that my path property is properly set by doing:
<s:property value="#filePath.path" />
I've played around with %, # and $, but can't seem to find the right combination to get the value off the stack and into the s:url tag.
AHA!
After some more digging around, and trial and error, I finally found the right combination:
<s:url value="%{ #filePath.path }"/>
But I do not understand why this works. Can anyone provide an explanation why this syntax works and not just value="#filePath.path"?
I am not quite sure about what you are trying to achieve but perhaps these documents will help you:
Struts2 Action Tag Example
Struts2 URL Tag Example
i mostly do CSS and php so i'm kind'a lost here, so no idea if this is possible the way i want it anyway, this is it:
I have this code
<html:textarea rows="10" cols="70" property="thankYouMessage" />
And i want this textarea to render an id of "textareaID" and a name like "textareaname"
how can i go about this?... if i use styleID, the page just won't load anymore... i need to apply some css to that markup so that's the thing.
Thanks in advance!
styleId attribute should work (perhaps you mispelled it ? case is sensitive)
<html:textarea styleId="textareaID" property="thankYouMessage" ... />
IIRC (long time since Struts 1...) the generated name atribute in the HTML tag will coincide with the property attribute (ref). So in your example the generated HTML (you should check this, looking at the HTML source) should result in something like this:
<textarea id="textareaID" name="thankYouMessage" ...>
Normally you should'nt rely on name for accessing the element (e.g., in Javascript), prefer the id
i am using diaply tags library for displaying my tables.But i cant use the <% %>
tagst there.If i try to us it it gives me error.but i can use tag there.
If i try to use followin code in my jsp it give an error sayin shoul hav a matcheing ending tag.
i have follown java code in jsp
List<Course> = (List<Course>)request.getAattribute("crc");
here Course is a class/bean.
can anyone suggest me such library that i can use with struts for auto paging,displaying list in tables,and with other features provided by display tag.I want to use struts and i want the view to look good and yet easy to devlop.that is i want to achieve high class userinterface with littel effortr toward displaying o/p / view.
can anyone provide the example of disploay tag with struts
You can use the name attribute of the table tag (normally like this:)
<display:table name="crc" ...>
</display:table>
To use the crc List as the basis of Javabeans to display.
See http://displaytag.sourceforge.net/1.2/displaytag/tagreference.html#display-el:table for more information about the table tag.