struts-user mailing list archives

From Alex Siman <aleksandr.si...@gmail.com>
Subject Re: Struts 2.1.8: Do we need to escape messages?
Date Fri, 16 Oct 2009 15:15:25 GMT

Thanks for the hint! I have found where messages get escaped:

	<s:actionmessage escape="false"/>
	<s:actionerror escape="false"/>

Previously I had this variant:

	<s:actionmessage/>
	<s:actionerror/>

Now these tags escape messages by default. Beware, upgraders!

I think this note must be included here:
http://struts.apache.org/2.1.8/migration-guide.html

BTW the above link, and many others in the wiki, are broken.

Wes Wannemacher wrote:
> 
> I don't remember when it was added, but there is an attribute for
> s:property called 'escape' that defaults to 'true'
> 
> http://struts.apache.org/2.x/docs/property.html
> 
> If you set it to false, then you will probably get what you want.
> 
> -Wes
> 
> On Fri, Oct 16, 2009 at 6:05 AM, Alex Siman <aleksandr.siman@gmail.com>
> wrote:
>>
>> I have just found that Struts 2.1.8 escapes messages, so instead of a message
>> (in the browser) like:
>> User with email user@example.com registered successfully.
>>
>> now I get this one:
>> User with email &lt;strong&gt;user@example.com&lt;/strong&gt; registered
>> successfully.
>>
>> In the first example I used to escape only the inserted parameter "email".
>> I am not against automatic escaping of messages. It's good for security. But
>> I wonder how to use the expected HTML markup in messages? Maybe you have
>> another design solution?
>>
>> P.S. The downside of upgrades.
>> --
>> View this message in context:
>> http://www.nabble.com/Struts-2.1.8%3A-Do-we-need-to-escape-messages--tp25922882p25922882.html
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
> 
> 
> 
> -- 
> Wes Wannemacher
> 
> Head Engineer, WanTii, Inc.
> Need Training? Struts, Spring, Maven, Tomcat...
> Ask me for a quote!
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Struts-2.1.8%3A-Do-we-need-to-escape-messages--tp25922882p25927098.html
Sent from the Struts - User mailing list archive at Nabble.com.
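
Added example, not part of the original thread: with `escape="false"` on `<s:actionmessage/>` and `<s:actionerror/>`, the tags no longer neutralise anything, so every value interpolated into a message has to be escaped before the message is stored. The sketch below keeps the developer-written markup of the template and escapes only the inserted parameter, as described in the first post; the class, the helper names and the sample inputs are hypothetical, and in a Struts action the returned string would be passed to `addActionMessage(String)`.

```java
import java.text.MessageFormat;

// Added example: names are hypothetical, sample inputs are constructed.
public class EscapedMessageDemo {

    // Minimal HTML escaper for element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The template is trusted (written by the developer, may contain markup).
    // Every argument is treated as untrusted and escaped before substitution.
    // Arguments are converted with String.valueOf, so MessageFormat's
    // locale-specific number/date formatting is not applied.
    static String formatTrustedTemplate(String template, Object... args) {
        Object[] safe = new Object[args.length];
        for (int i = 0; i < args.length; i++) {
            safe[i] = escapeHtml(String.valueOf(args[i]));
        }
        return MessageFormat.format(template, safe);
    }

    public static void main(String[] argv) {
        String template =
            "User with email <strong>{0}</strong> registered successfully.";
        String[] emails = {
            "user@example.com",                 // ordinary value
            "\"><em>injected</em>@example.com"  // value carrying markup
        };
        for (String email : emails) {
            // In an action: addActionMessage(formatTrustedTemplate(template, email));
            System.out.println(formatTrustedTemplate(template, email));
        }
    }
}
```

The template itself must never come from user input, and a literal apostrophe in it has to be doubled (`''`) because `MessageFormat` treats a single quote as a quoting character.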

