I'm writing a JSR 286 portlet for IBM WebSphere Portal 6.1. I have the following code:

@ProcessAction(name="processForm")
public void processForm(ActionRequest request, ActionResponse response) 
    throws PortletException, IOException {    

    // Read the submitted form value as the portal hands it to the portlet.
    String formField1 = request.getParameter("formField1");
    System.err.println("formField1: " + formField1);
}

If the user submits '<' on the HTML form, the system outputs:

formField1: '&lt;'

However, if the user submits '&lt;' on the HTML form, the system also outputs:

formField1: '&lt;'

This makes it impossible to determine which value the user actually typed into the HTML form. Is there a way around this?

I found an article here which recommends doing a straight replace, but it doesn't address the issue of distinguishing between the two different values on the form.

cc1001

1 Answer

Can you see that '<' is arriving at the server, and it's not some other component that is altering the '<', such as the browser itself?

If not, how about item 4 on this page (Problem: The "<" and ">" characters display incorrectly):

http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp?topic=/com.ibm.wp.ent.doc/wps/tbl_sec.html

Paul Grime
  • It was in fact the cross site scripting setting, as described in the article you provided. Just to clarify, since our version of portal happens to be 6.1 instead of 5.1 as referenced in the article, the solution was to set the security.css.protection property to false in the WP ConfigService resource environment provider. – cc1001 Sep 12 '11 at 14:35
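
Added example, not part of the original question, answer or comment: a small Java program showing why the request-time rewriting reported in the question loses information, and the output encoding a portlet has to apply itself once that protection is switched off. `inputFilter` is a hypothetical model of the behaviour the question describes (not IBM's code); `EncodeOnOutputDemo` and `escapeHtml` are likewise names chosen for this sketch.

```java
public class EncodeOnOutputDemo {

    // Assumption: models the request-time rewriting reported in the question,
    // where angle brackets are replaced and '&' is left untouched.
    static String inputFilter(String raw) {
        return raw.replace("<", "&lt;").replace(">", "&gt;");
    }

    // Output encoding for HTML element content and quoted attribute values.
    // '&' is encoded in the same pass, so distinct inputs stay distinct.
    static String escapeHtml(String raw) {
        StringBuilder out = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample submissions: the two values from the question.
        String[] submitted = { "<", "&lt;" };

        for (String raw : submitted) {
            // Store and compare the raw value; encode only when rendering it.
            System.out.printf("raw=%-5s filtered=%-5s rendered=%s%n",
                    raw, inputFilter(raw), escapeHtml(raw));
        }

        // The filter maps both submissions to the same string, so the
        // portlet cannot tell afterwards which one the user typed.
        boolean filterCollides = inputFilter("<").equals(inputFilter("&lt;"));
        // Encoding at output keeps the two values apart.
        boolean outputCollides = escapeHtml("<").equals(escapeHtml("&lt;"));
        System.out.println("filter collides: " + filterCollides);
        System.out.println("output encoding collides: " + outputCollides);
    }
}
```

With the portal-level protection disabled, every place the portlet writes a request value into markup needs this kind of encoding, since nothing upstream neutralises the angle brackets any more.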