Stripes framework: how to disable string escaping in forms

I use the Stripes framework to implement a web application. To avoid all types of attacks, the text is stored sanitized in the database, and the sanitization process involves encoding HTML entities.

My problem arises when I create a Stripes form. When the form starts out empty, everything is fine. However, when the user has previously entered something and the existing values are retrieved from the database, set in the action bean, and then displayed with the Stripes form tags, Stripes escapes them again. This leads to double escaping of my string.

Is there any way I can tell Stripes that I know what I am doing and that the string I am giving it has already been escaped?

+4
2 answers

It seems the best solution is to simply not use Stripes for the problem fields. If in the JSP you replace, for example:

<stripes:textarea name="userEntryComment"/> 

with

 <textarea name="userEntryComment">${actionBean.userEntryComment}</textarea> 

Then Stripes is not called at all to generate the HTML for the second version. In addition, since we are not using the <c:out> tag in this case, the string will not be re-escaped.

+2

The encoding and decoding of HTML entities is handled by Stripes, so there is no need to store encoded HTML entities in the database. Just remove the HTML entity encoding from your processing, and Stripes will process the data safely.

There is another point: storing model data (the MVC model!) in a presentation format such as HTML can be considered bad practice. And HTML entities are, of course, also part of the HTML format. They will limit or hinder your use of the data for all kinds of other things, such as searching, sending text email, etc.

0
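The double escaping from the question and the store-raw approach from the second answer, modelled as an added example that is not part of the original thread. Python's `html.escape` stands in for the escaping the page attributes to the Stripes form tags; every function name and sample string here is constructed for illustration.

```python
import html

def store_encoded(text):
    """Questioner's design: entity-encode before writing to the database."""
    return html.escape(text)

def render_escaping_tag(value):
    """Stand-in for a form tag that HTML-escapes the value it renders."""
    return "<textarea>" + html.escape(value) + "</textarea>"

def render_raw(value):
    """Stand-in for plain ${...} output, which applies no escaping."""
    return "<textarea>" + value + "</textarea>"

def browser_shows(markup):
    """Text the user sees: the browser decodes entities exactly once."""
    inner = markup[len("<textarea>"):-len("</textarea>")]
    return html.unescape(inner)

def demo():
    comment = "R&D <b>notes</b>"           # constructed user input
    encoded_row = store_encoded(comment)   # what the questioner's DB holds
    # Constructed row that reached the DB through a path that skipped encoding.
    unencoded_row = "</textarea><b>injected</b>"
    return {
        # Encoded in DB, escaped again on output: user sees entity text.
        "encoded_db_escaping_tag": browser_shows(render_escaping_tag(encoded_row)),
        # Raw in DB, escaped once on output: user sees what they typed.
        "raw_db_escaping_tag": browser_shows(render_escaping_tag(comment)),
        # Encoded in DB, raw output: displays correctly for this row...
        "encoded_db_raw_output": browser_shows(render_raw(encoded_row)),
        # ...but raw output emits live markup for any row that was not encoded,
        "raw_output_emits_markup": "<b>injected</b>" in render_raw(unencoded_row),
        # while the escaping tag neutralises the same row.
        "escaping_tag_emits_markup": "<b>injected</b>" in render_escaping_tag(unencoded_row),
        # Searching the stored value for what the user typed.
        "search_hits_encoded_db": "R&D" in encoded_row,
        "search_hits_raw_db": "R&D" in comment,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Raw output is only as safe as the guarantee that every write path encoded the value first, whereas escaping at render time does not depend on how the row got into the database.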

Source: https://habr.com/ru/post/1339328/
