Get parameter with the character '#' from a query string on java - java

I am trying to get a request string that contains the character #, but my parameter is only read up to the #. The thing is that I need to keep this character; I can't remove it.
Any idea?

Encode the # if it has to be there. A literal # indicates a fragment id and can't be used in a URI for any other purpose. w3schools has encoding tables so you can look up the values yourself, too.

You need to encode the parameter value correctly.
If the URL is generated by a JSP, make sure to use the JSTL c:url tag:
<c:url value="/path/to/myServlet">
<c:param name="param1" value="#paramValue"/>
</c:url>
If you're using straight Java, use URLEncoder.encode().
If the URL is static, use %23paramValue instead of #paramValue
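As an added illustration of the answers above (not code from the original posts), this Java 10+ program parses the same link with the `#` left raw and with the value passed through `URLEncoder.encode()`. The host `example.test`, the class name and the `enc`/`param` helpers are assumptions made for the example.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class HashInQuery {
    // Form-encode one parameter value: '#' -> %23, '+' -> %2B, ' ' -> '+'.
    static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    // Decoded value of parameter `name` as the server side would see it, or null.
    static String param(URI uri, String name) {
        String query = uri.getRawQuery();   // never includes the fragment
        if (query == null) return null;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String val = eq < 0 ? "" : pair.substring(eq + 1);
            if (URLDecoder.decode(key, StandardCharsets.UTF_8).equals(name)) {
                return URLDecoder.decode(val, StandardCharsets.UTF_8);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String base = "http://example.test/path/to/myServlet?param1="; // constructed URL
        String[] values = { "#paramValue", "abc#def", "a+b#c" };        // constructed values
        for (String value : values) {
            URI raw = URI.create(base + value);          // '#' starts the fragment
            URI encoded = URI.create(base + enc(value)); // '#' travels as %23
            System.out.printf("value=%s%n", value);
            System.out.printf("  raw:     param1=[%s] fragment=[%s]%n",
                    param(raw, "param1"), raw.getFragment());
            System.out.printf("  encoded: param1=[%s] fragment=[%s]%n",
                    param(encoded, "param1"), encoded.getFragment());
        }
    }
}
```

In the raw rows everything from the `#` onward ends up in the fragment, which a browser never sends to the server, while the encoded rows round-trip unchanged.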

Related

Thymeleaf: Unencode or Encode URL on client

I am using Thymeleaf as the front end.
I have some menu categories in natural language that I display on a web page and pass to the server.
For example, I have a category of "My favourite cats"
The category is in a variable ${category.key}
This category has a link:
<a th:href="|http://myserver?selectedCategory=${category.key}|"><span th:text="${category.key}"></span></a>
If I do not URLEncode ${category.key} on the server, then when a
user clicks the link, the selectedCategory parameter is null if there
is a whitespace in the category string.
If I encode the category string, the selectedCategory parameter
passes to the server fine BUT the link text appears as
My+favourite+cats
I don't want two variables, one encoded, one not encoded.
How do I either encode or unencode ${category.key} as part of the Thymeleaf HTML compilation process?
The @ symbol is the server context path in Thymeleaf. You use the @ symbol.
<a href="#" th:href="@{/your server context path?selectedCategory=__${category.key}__}">
<span th:text="${category.key}"> </span></a>
Thymeleaf will url encode strings if you build them with url syntax (which was supplied in a comment above). For your example url, it should look like this -- using the @ symbol instead of the $:
<a th:href="@{http://myserver(selectedCategory=${category.key})}" th:text="${category.key}" />
(Also, you don't need that extra span.)
Using the @ symbol is definitely the primary alternative. But just to note another option that may be of use on occasions:
The answer is to use the lesser-known #strings functions to replace the '+' with ' '
In the link text, use
th:text="${#strings.replace(category.key,'+',' ')}"

Cannot escape a quotation (") character when retrieving a string containing a quotation inside a string from DB in JSP

I have saved a quotation mark (") in a string using an escape character in the database. That is working OK. But when I retrieve the value from the database into a JSP field, the string ends at the first quotation mark it gets in the whole string. I am giving an example below:
Let's take a string that I have stored in the database as -
" Hello David. This is a "customer"."
Now, I somehow need to save the string back from the database into a hidden field in a JSP page, like below -
<input type="hidden" name="string_from_database" id="string_from_database" value="<%=some variable that holds the data from database%>">
The issue is -
Part of the string is getting exposed (meaning it is being written at the top of the page), which I do not want. In this case, the phrase below is written at the beginning of the JSP page, which I don't want.
customer".
Kindly suggest how to resolve this issue.
Using this function you could replace the quote marks with the HTML entity variant &quot;. Here's a simple function for it. Hope it fits into your templating system, but should be easy to modify if not.
function escapeQuotes(str){
// replace every double quote with its HTML entity
return str.replace(/"/g,'&quot;');
}
Here's a working fiddle
Use JSTL rather than scriptlets for further explanation
Use EL - Expression Language (${variable}) to get the value, e.g. ${welcome}
<c:out value="${some variable that holds the data from database}"/>

Displaying a JSF requestLink parameter containing a + sign

Strange one this. I have a tag in my JSF page which contains a parameter that contains a + sign. When the resulting hyperlink is clicked the URL converts the + sign to a space, as this is how spaces in URLs are represented.
Is there any way of encoding this parameter to display "%2b" (which is the urlencoded string) instead of +? I am using JSF 1.2
<hx:requestLink styleClass="requestLink" id="link31"
action="#{sellingMarginBean.changeView}">
<h:outputText styleClass="outputText" id="text81"
value="#{varsummaryDataList.tier.description}"></h:outputText>
<f:param
value="#{varsummaryDataList.tier.tierCode}"
name="tierCode" id="param51"></f:param>
</hx:requestLink>
If I change the value of tierCode to replace any '+' with '%2b' before putting out to the screen this works, but it's a hack at best as it means creating a custom method on my Tier domain object or cycling through summaryDataList and performing the replace.
Thanks in advance
Steve
According to this post by BalusC:
JSP/Servlet request: during request processing an average application server will by default use the ISO 8859-1 character encoding to URL-decode the request parameters. You need to force the character encoding to UTF-8 yourself. First this: "URL encoding" must not be confused with "character encoding". URL encoding is merely a conversion of characters to their numeral representations in the %xx format, so that special characters can be passed through URL without any problems. The client will URL-encode the characters before sending them to the server. The server should URL-decode the characters using the same character encoding.
So probably your client and server are not using the same URL(URI)-encoding. Your best bet is to force the server itself to use UTF-8 encoding. That depends on what server you're using.
You could also use JSTL's fn:replace for your parameter, as an alternative but more "hacky" solution. Remember to define the JSTL taglib in your namespace set (xmlns:fn="http://java.sun.com/jsp/jstl/functions").
<f:param
value="#{fn:replace(varsummaryDataList.tier.tierCode, '+', '%2b')}"
name="tierCode" id="param51" />
See also:
POST parameters using wrong encoding in JSF 1.2
JSF 2.0 request.getParameter return a string with wrong encoding
How can I manipulate a String in a JSF tag?

Play! Template syntax

I am using Play Framework 1.2.5. What is the difference between:
@{Application.render()}
and
@Application.render()
The first one is preferably used in the form action whereas the second one may be used for an anchor template. Both of them generate a URL, so I am not able to understand why the first one needs the surrounding {} braces.
Please let me know about this.
Thanks,
@{} is a short cut to generate a relative url based on a reverse route (Controller.method -> URL)
@@{} gives you the absolute URL
#{} refer to tags. There just so happens to be an #a tag and you can do
#{a @Application.logout()}Disconnect#{/a}
because within the tag, you're actually passing the ActionDefinition when doing @Application.logout(), not the URL.
See http://www.playframework.org/documentation/1.2.5/tags
As far as I know, you need the curly braces when you use this in a template, for instance:
<form action="@{Application.post}">.
I just tried without the curly braces and that resulted in the exact string (@Application.render) and not a URL.
My code in the template:
@Application.index()<br />
@{Application.index()}<br />
Results in the following HTML in my browser:
@Application.index()<br />
/<br />

Getting wrong characters in parameter

In files.jsp I am using following anchor and JSTL c:url combination -
<c:url value="downloadfile.jsp" var="dwnUrl" scope="request">
<c:param name="fileType" value="PDF"/>
<c:param name="fileId" value="${file.fileId}"/>
<c:param name="fileName" value="${file.fileName}"/>
</c:url>
Download
On downloadfile.jsp getting the file name value in JavaScript variable as -
selectedFile = <c:out value='${param.fileName}'/>
Now, if the file name contains some extra character, e.g. XYZ 2/3" Technical, then on the other page I am getting a different character: XYZ 2/3&#034; Technical
However, if I print request.getParameter("fileName"), it's giving the correct name. What is wrong?
The <c:out> by default escapes XML entities, such as the doublequote. This is done so to get well-formed XML and to avoid XSS.
To fix this, you should either get rid of <c:out>, since JSP 2.0, EL works perfectly fine in template text as well:
selectedFile = '${param.fileName}';
.. or, if you're still on legacy JSP 1.2 or older, set its escapeXml attribute to false:
selectedFile = '<c:out value="${param.fileName}" escapeXml="false"/>';
Note that I have added the singlequotes and semicolon to make JS code valid.
Needless to say, you'll need to keep XSS risks in mind if you do so.
The funky characters in your <c:param> values are being URL encoded by <c:url> as they should be. As far as downloadfile.jsp is concerned, the servlet container takes care of URL decoding incoming variables so you don't have to. This is normal behavior and shouldn't pose any problems for you.
If you simply turn escapeXml to false as @BalusC suggests, you will add an XSS vulnerability to your page. Instead, you should encode the user input at the time of injection into the destination language, and escape characters that would be evaluated in the destination language. In this case, if the user input contained a single quote character (I'm assuming the string literal in your original example was supposed to be wrapped in single quotes, but the same would be true for double quotes if you were using them), any JavaScript code that followed it would be interpreted by the browser and executed. To safely do what you are trying to do, you should change the line in downloadfile.jsp to:
selectedFile = '${fn:replace(param.fileName, "'", "\\'")}';
That will escape only single quotes, which would otherwise end the string literal declaration.
If you were using double quotes, then this would be appropriate:
selectedFile = "${fn:replace(param.fileName, '"', '\\"')}";
It is worth noting that escapeXml could be appropriate for escaping JavaScript string literals (and it often is) when the string literal will eventually be dumped into HTML markup. However, in this case, the value should not be XML escaped as it is evaluated in the context of a file path, rather than in the context of HTML.
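Both the hidden-field thread and the `selectedFile` thread above come down to encoding a value for the context it lands in. The following Java program is an added example, not code from any of the posts: two hand-written encoders (hypothetical names `forHtmlAttribute` and `forJsString`) applied to constructed values. In a real application a maintained encoder such as the OWASP Java Encoder would normally take their place.

```java
public class ContextEncoding {
    // HTML attribute context: the value sits inside value="..." in the markup.
    static String forHtmlAttribute(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // JavaScript string-literal context inside a script block: backslash-escape
    // the backslash and both quote styles; write control characters, line
    // separators and markup characters as four-digit hex escapes.
    static String forJsString(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '\\' || c == '\'' || c == '"') {
                out.append('\\').append(c);
            } else if (c < 0x20 || c == '<' || c == '>' || c == '&'
                    || c == 0x2028 || c == 0x2029) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {                        // constructed sample values
            "XYZ 2/3\" Technical",
            " Hello David. This is a \"customer\".",
            "it's a \\ path </script>"
        };
        for (String s : samples) {
            System.out.println("<input type=\"hidden\" value=\"" + forHtmlAttribute(s) + "\">");
            System.out.println("selectedFile = '" + forJsString(s) + "';");
        }
    }
}
```

The third sample shows why replacing only the quote character is not enough for the script context: the backslash and the closing script tag in the value also have to be neutralised.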
