1

A friend of mine asked me to take a look at a portlet he was developing. The issue he's having is that when he enters a value like

1 < 2 > 3

in an input field he gets

1 < 2 > 3

in the mapped String field.

While a decent bit of his code is dubious I couldn't find any instances of him using a .replace function / setting defaultHtmlEscape to true.

I did debug his portlet, and it's already changed before it even enters the Controller. I put a breakpoint in Springs dispatcherportlet and in the processAction it's already transformed.

> only gets parsed to &lt; if it's preceded by < so it is most likely an escaping issue because it gets handled as an html tag but I couldn't find any code influencing that.

I'm not that familiar with Spring 2.5.6 (I use version 3), but I can't recall any similar issues. It might be an issue with websphere portal 6.1 but that would surprise me since I can't find any similar issues. (I'm going to try and make a similar scenario tomorrow).

Any input would be appreciated.

(spring 2.5.6-SEC02, WebSphere Portal 6.1 without the latest feature pack)

Hugo
  • 681
  • 1
  • 7
  • 6

1 Answers1

1

Escaping XML refers to conversion of special characters like &, >, < and so on, into character entity codes like &amp;, &gt;, &lt;, and so on. If a portlet relies on a URL generated by portlet tag library which is not XML escaped then set this container runtime option to false. In Portlet 2.0 specification, all URLs generated by portlet tag library are XML escaped by default.

your friend should have some escape feature in his portlet JSP like one below

 <portlet:resourceURL var="inputURL" id="userValues" escapeXml="false" />
Some Java Guy
  • 4,992
  • 19
  • 71
  • 108