使用c:out JSP将撇号转义为\' [英] Escape apostrophe as \' with c:out JSP
问题描述
我有一个带有人姓的对象字段.
I have an object field with person's last name.
如果我使用 $ {person.lastName} ,我会得到 O'Brian
If I use ${person.lastName}, I get O'Brian
如果我使用
<c:out value="${person.lastName}"/>
我得到了奥布莱恩
两个输出都中断IE中的下一个jsp代码
Both outputs breaks the next jsp code in IE
<a href="#"
class="delete"
onclick="if(confirm('<c:out value="${application.lastName}"/> ' + _('Are you sure you want to delete this application?'))) {deleteApplication('${application.identifier}')};return false;"><bean:message key="application.delete"/></a>
因为它已转换为
onclick="if(confirm('O'Brian '
或
onclick="if(confirm('O'Brian '
我需要以 O''Brian
有什么办法解决这个问题吗?
Any idea how to solve this issue?
最优雅的解决方案似乎使用一个简单的Tag.
The most elegant solutions seems to use a simple Tag.
package view;
import java.io.IOException;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
public class EscapeJS extends SimpleTagSupport {
public String str;
public void doTag() throws JspException, IOException {
getJspContext().getOut().print(str.replaceAll("\'", "\\\\'"));
}
public String getStr() {
return str;
}
public void setStr(String str) {
this.str = str;
}
}
然后在WEB-INF中放置utils.tld文件:
Then place in WEB-INF a utils.tld file:
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN" "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
<taglib>
<tlibversion>1.2</tlibversion>
<jspversion>1.1</jspversion>
<shortname>bean</shortname><uri>utilsTags</uri>
<uri>utilsTags</uri>
<tag>
<name>escapeJS</name>
<tagclass>view.EscapeJS</tagclass>
<bodycontent>scriptless</bodycontent>
<attribute>
<name>str</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
然后在您的jsp中:
<%@ taglib prefix="utils" uri="utilsTags" %>
<utils:escapeJS str="${application.firstName}"/>
推荐答案
您可以定义一个新的EL函数,该函数可以为您转义字符串.
You could define a new EL function that escapes strings for you.
例如
在Java中
public class MyStringUtil {
public static String escapeJs( String str )
{
// escape the string (e.g. replace ' with \')
}
}
在标签库描述符文件中:
In a tag library descriptor file:
<function>
<name>escapeJs</name>
<function-class>package.to.MyStringUtil</function-class>
<function-signature>
java.lang.String escapeJs( java.lang.String )
</function-signature>
</function>
然后在您的JSP中(假设您已经将.tld
包含在前缀foo
中:
Then in your JSP (assuming you've included your .tld
with a prefix of foo
:
<a href="#"
class="delete"
onclick="if(confirm('${foo:escapeJs(person.lastName)}' + _('Are you sure you want to delete this application?'))) {deleteApplication('${application.identifier}')};return false;"><bean:message key="application.delete"/></a>
这篇关于使用c:out JSP将撇号转义为\'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!