Decoding HTML in Tapestry

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Decoding HTML in Tapestry

Jijoe Vurghese
I tried searching this forum, but didn't find anyone running into a similar
situation. Here is what I have so far...

String data in a POJO object member - ">How do you do?"

This data is displayed on a Tapestry page in a text field.

Tapestry converts the string to ">How do you do?"

So far, so good...Tapestry has automagically done escaping of HTML

When the user submits the form on this Tapestry page, I would expect Tapestry to
call the POJO's set method with the value ">How do you do?". In other words,
_after_ unescaping the HTML back to original form.

However, I see Tapestry setting the value ">How do you do?"

Question 1 - is there is a Tapestry method that can "unescape" the incoming HTML?

Question 2 - is there an automagic way to have Tapestry just do this unescape on
incoming requests?

Caveat - I am using a custom OGNL property accessor for get/set on this POJO
because the get/set methods can't follow the JavaBean conventions:

setAttribute(String key, String value)
getAttribute(String key)

Right now, I have a hack in setProperty() method of my custom property accessor
to do the unescape. But this seems like a hack to me, because the reverse
(escaping while rendering page) is automatic.

TIA,

Jijoe


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Decoding HTML in Tapestry

pferraro
Actually, OGNL /does/ support object indexed properties.  Read more
about it here:
http://www.ognl.org/2.6.7/Documentation/html/LanguageGuide/indexing.html#N101C5

Paul

Jijoe Vurghese wrote:

>I tried searching this forum, but didn't find anyone running into a similar
>situation. Here is what I have so far...
>
>String data in a POJO object member - ">How do you do?"
>
>This data is displayed on a Tapestry page in a text field.
>
>Tapestry converts the string to ">How do you do?"
>
>So far, so good...Tapestry has automagically done escaping of HTML
>
>When the user submits the form on this Tapestry page, I would expect Tapestry to
>call the POJO's set method with the value ">How do you do?". In other words,
>_after_ unescaping the HTML back to original form.
>
>However, I see Tapestry setting the value ">How do you do?"
>
>Question 1 - is there is a Tapestry method that can "unescape" the incoming HTML?
>
>Question 2 - is there an automagic way to have Tapestry just do this unescape on
>incoming requests?
>
>Caveat - I am using a custom OGNL property accessor for get/set on this POJO
>because the get/set methods can't follow the JavaBean conventions:
>
>setAttribute(String key, String value)
>getAttribute(String key)
>
>Right now, I have a hack in setProperty() method of my custom property accessor
>to do the unescape. But this seems like a hack to me, because the reverse
>(escaping while rendering page) is automatic.
>
>TIA,
>
>Jijoe
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Decoding HTML in Tapestry

Johan Maasing
In reply to this post by Jijoe Vurghese
>>String data in a POJO object member - ">How do you do?"
>>
>>This data is displayed on a Tapestry page in a text field.
>>
>>Tapestry converts the string to ">How do you do?"

I have written a web-mail on tapestry (nothing fancy but enough to let me read and reply to mail). So the reply function inserts a lot of > characters but I have not found that Tapestry escapes them when populating a text field or a text area.

<page-specification class="...">
  <property-specification name="mailBody" type="java.lang.String"/>
  <component id="bodyField" type="TextArea">
    <binding name="value" expression="mailBody"/>
  </component>
</page-specification>

In my page class I populate 'mailBody' with the text to display in the area and that does not get > converted to &gt;

Perhaps you should consider if you realy want the text in the input field to have escaped HTML.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Decoding HTML in Tapestry

Jijoe Vurghese
In reply to this post by pferraro
Paul Ferraro <pmf8 <at> columbia.edu> writes:

>
> Actually, OGNL /does/ support object indexed properties.  Read more
> about it here:
> http://www.ognl.org/2.6.7/Documentation/html/LanguageGuide/indexing.html#N101C5
>
Holy Smokes!! That ought to teach me to RTFM :-)

Thanks for that tip, Paul

Jijoe


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Decoding HTML in Tapestry

Jijoe Vurghese
In reply to this post by Johan Maasing
<johan <at> zoom.nu> writes:

> In my page class I populate 'mailBody' with the text to display in the area
and that does not get > converted to
> &gt;

Hmm...that is strange. The renderComponent method of the TextArea component
packaged with Tapestry distribution (I'm on version 3.0.3) uses
IMarkupWriter.print(value); on line# 77 [http://tinyurl.com/d3tfs].

The Javadoc for IMarkupWriter.print(String) says this method, in turn, invokes
invokes print(char[], int, int). The latter form of print method states it does
escape "unsafe" characters [http://tinyurl.com/7r985].

And this is the behavior I see when I view the source of the rendered HTML page.

> Perhaps you should consider if you realy want the text in the input field to
have escaped HTML.
>
Actually, I didn't opt for this behavior by choice. It came with the built-in
TextArea component.

However, per Howard's suggestion [http://tinyurl.com/ajx6l], I ended up creating
a customized TextArea (HTMLSafeTextArea) that decodes character entities like
'&gt;' back into '>' when the form rewindes - thus restoring symmetry.

Thanks,

Jijoe


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]