struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wes Wannemacher <w...@wantii.com>
Subject Re: Struts 2.1.8: Do we need to escape messages?
Date Fri, 16 Oct 2009 14:44:31 GMT
I don't remember when it was added, but there is an attribute for
s:property called 'escape' that defaults to 'true'

http://struts.apache.org/2.x/docs/property.html

If you set it to false, then you will probably get what you want.

-Wes

On Fri, Oct 16, 2009 at 6:05 AM, Alex Siman <aleksandr.siman@gmail.com> wrote:
>
> I just have found that Struts 2.1.8 escapes messages, so instead of message
> (in browser) like:
> User with email user@example.com registered successfully.
>
> now I get this one:
> User with email &lt;strong&gt;user@example.com&lt;/strong&gt; registered
> successfully.
>
> In first example I used to escape only the inserted parameter "email".
> I am not against automatic escaping of messages. It's good for security. But
> I am wonder, how to use expected HTML markup into messages? Maybe you have
> any another design solution?
>
> P.S. The downside of upgrades.
> --
> View this message in context: http://www.nabble.com/Struts-2.1.8%3A-Do-we-need-to-escape-messages--tp25922882p25922882.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>



-- 
Wes Wannemacher

Head Engineer, WanTii, Inc.
Need Training? Struts, Spring, Maven, Tomcat...
Ask me for a quote!

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message