-1

I have some problem with auto encoding from text to UTF-8 in Struts2 tag.

I want to pass a value witch contain a HTML tag from action class to JSP page, but in struts tag this value is automatically encoding to UTF-8 and HTML tag is not correct displayed.

For example: I have a String variable named param in action class

String param=param[0] + "& <br>" + param[1];

And this param is pass in JSP page and displayed in page using Struts tag:

<s:property value="%{param}">

My problem is that, in jsp page, <br> tag is encoding automatically and displeyed like test "& <br>" instead using it like a HTML tag and displayed "&" followed by enter line breaks.

Does anyone have any idea how I could skip this automatically encoding process?

Roman C
  • 47,329
  • 33
  • 60
  • 147
Ariana
  • 243
  • 4
  • 15

2 Answers2

2

Have you tried the (documented) attribute escapeHtml?

<s:property value="%{param}" escapeHtml="false" />

PS: Two additional notes:

  1. You are using the character &, which is special in HTML . If you are not going to escape the string, you should write it as &amp;

  2. As Rowan C aptly points out in his answer, using unescaped html in a web page can be dangerous, especially if the string (in your case the param array) is dynamic and can be set by the client. If you can't trust or properly sanitize it, then don't do that. Seriously.

leonbloy
  • 65,169
  • 19
  • 130
  • 176
1

The s:property tag escapes the html code by default to prevent XSS security violation. If you trust the content you display with this tag then you can use one of the escape attribtes to disable this process:

Name                Required    Default Evaluated   Type    Description
escapeCsv           false       false   false       Boolean Whether to escape CSV (useful to escape a value for a column)
escapeHtml          false       true    false       Boolean Whether to escape HTML
escapeJavaScript    false       false   false       Boolean Whether to escape Javascript
escapeXml           false       false   false       Boolean Whether to escape XML

In your code you can use

<s:property value="%{param}" escapeHtml="false"/>
Roman C
  • 47,329
  • 33
  • 60
  • 147