"+getQuestion()+"

Why '<' is shown as & lt;

I am outputting a string from my Java class, like this:

 String numQsAdded = "<div id='message1'>"+getQuestion()+"</div>"; 

This string is sent back to the client side via XMLHttpRequest. On my JSP page I have a JavaScript alert method that prints the string returned from the server. It translates '<' to &lt; and '>' to &gt;.

How can I avoid this?

I tried changing my line to:

 String numQsAdded = "&lt;div id='message1'&gt;"+getQuestion()+"&lt;/div&gt;"; 

but that has even worse consequences: then '&' gets translated to "&amp;".

+4
7 answers

XMLHttpRequest encodes the string before sending it. You will need to unescape the string. In client-side JavaScript try using:

 alert(unescape(returned_string)) 
+5

&lt; is the way to show "<" in HTML, and it is produced by the XMLHttpRequest. Try using XMLRequest.

+4

&lt; is the entity reference for "<" and &gt; is the entity reference for ">"; you will need to unescape the string using the unescape() method.

+2

Paul Fisher's answer is correct. Here is why: HTML encoding of content from the server is a security measure to protect your users from script attacks. If you just unescape() whatever comes from the server, you can put your users at risk, as well as the reputation of your site.

Try to do what Paul said. It is not difficult and much safer. To facilitate this, here is a sample:

 var divStuff = document.createElement('div');
 divStuff.id = 'message1';
 divStuff.innerHTML = getQuestion();      // string returned by the server
 containerElement.appendChild(divStuff);  // containerElement: the parent node the div goes into

It is much safer and provides better separation for your presentation level in your application.

+2
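A worked version of the approach this answer recommends, added here as an example (not the answerer's code): the server's string is inserted as text with textContent, or escaped before any markup is built from it. `doc` and `container` are parameters so the functions can be exercised outside a browser; the text passed in is assumed to be untrusted.

```javascript
// Escape the five characters that matter in HTML text and attribute values,
// so a string can be placed inside markup without being parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the #message1 div the thread wants, treating the server's string as
// text: textContent never parses markup, so "<script>" stays literal text.
// `doc` is the Document (pass `document` in a browser), `container` the parent node.
function renderMessage(doc, container, question) {
  const div = doc.createElement('div');
  div.id = 'message1';
  div.textContent = question; // not innerHTML
  container.appendChild(div);
  return div;
}

// The same div as a markup string (e.g. built server side), with escaping
// applied: the browser decodes the entities back into plain text when it parses it.
function messageMarkup(question) {
  return "<div id='message1'>" + escapeHtml(question) + "</div>";
}

// Browser usage (responseText being the raw string from XMLHttpRequest):
// renderMessage(document, document.body, responseText);
```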

It might be better to send back the raw string of your message and leave it to JavaScript to create a div with class message1 and insert it. That will also help if you ever decide to change the layout or style of your notifications.

+1

I do not think you can avoid it. This is how "<" is represented in HTML, and that is how it will appear on your HTML page.

-2
 numQsAdded = numQsAdded.replace(/&lt;/g,"<").replace(/&gt;/g,">"); // replace() returns a new string, so keep the result

if it was JavaScript ...

-2

Source: https://habr.com/ru/post/1286080/
