Uploaded image for project: 'Struts 1'
  1. Struts 1
  2. STR-3092

ErrorsTag should filter arguments for html display

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.1.1
    • Fix Version/s: None
    • Component/s: Tag Libraries
    • Labels:
      None

      Description

      Unlike bean:write, html:errors doesn't filter for html the arguments that may go along the message.
      In my opinion, those arguments should be filtered for html by default as this is the purpose of the ErrorsTag (to display in html).

      Sometimes we may want to include the user input in the error message after some validation. For example, say I want to validate that a nameserver is a valid registered nameserver. I would take the user input , run the validation service and would like my error message to be declared in the resources file as:

      error.invalid.dns=

      {0}

      is not a registered nameserver

      if the user wants to screw my display, then he may enter something like "seehowthislooks<hr>" The html element doesn't get filtered out.

      I believe ErrorsTag should make use of TagUtils.filter(value) in the doStartTag method (which is used by org.apache.struts.taglib.bean.WriteTag). that would take care of this issue.

      workaround
      ----------------
      Of course, we could do the filter before creating the error (ActionMessage), but it would be nice to have this feature just as it happens with bean:write

      Thanks!

        Attachments

          Activity

            People

            • Assignee:
              pbenedict Paul Benedict
              Reporter:
              odeen Juan Duran
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: