在App Engine(Java)中处理HTML表单 [英] Handling of HTML forms in App Engine (Java)
问题描述
我一般都不是使用Java进行Web开发的,但是我在Java编程方面有一定背景,因此我选择了Java版本的App Engine.在此之前,我只有涉及PHP的Web项目.
I am new to web development with java in general, but I have some background in Java programming so I chose the Java-version of App Engine. Before that I only had web projects involving PHP.
App Engine中是否有任何优雅的方法来处理发送到我的servlet的HTML表单并正确地对其进行转义?App Engine文档中的示例仅涉及在显示用户信息的jsp中转义XML,但是我想在DataStore中使用不含XML的纯文本,以最大程度地减少意外错误.
Is there any elegant way in App Engine to handle HTML forms that are sent to my servlet and escape them properly? The examples in the App Engine docs only refer to escaping XML in the jsp that displays the info to the user, but I would like to have clean text without XML in my DataStore to minimize accidental errors.
我目前正在使用Apache Commons软件包中的StringEscapeUtils,但是我更喜欢App Engine中包含的解决方案,因为我必须在我的应用程序中部署commons-jars.用正则表达式自己解析字符串是唯一的其他方法吗?
I am currently using the StringEscapeUtils from the Apache Commons package, but I would prefer a solution included in App Engine since I have to deploy the commons-jars with my app. Is the only other way to go, to parse the strings myself with regex?
推荐答案
您不应逃避用户发送的内容.保持原样,然后将其存储在数据库中.出于充分的原因,这些数据可能是XML,并且该数据可能由Webapp以外的其他设备使用,而Webapp并不关心HTML的转义.甚至在webapp中,也可以将其作为JSON对象的一部分发送,而无需HTML转义.
You should not escape what is sent by the user. Leave it as it is, and store it as it is in the database. This data might be XML for a good reason, and the data might be used by something else than a webapp, which doesn't care about HTML-escaping. And even in the webapp, it could be sent as part of a JSON object, where HTML-escaping is not needed.
生成包含此数据的HTML页面时,必须转义HTML特殊字符以确保所有内容正确显示.StringEscapeUtils很好,将jar与您的应用程序捆绑在一起是完全正常的.如果您使用JSP生成HTML标记,请使用JSTL < c:out> 标记或JSTL fn:escapeXml()函数.
When generating an HTML page containing this data, then you must escape the HTML-special characters to make sure everything is displayed correctly. StringEscapeUtils is just fine, and bundling jars with your app is perfectly normal. If you're using JSPs to generate the HTML markup, use the JSTL <c:out> tag, or the JSTL fn:escapeXml() function.
如果要用Java制作而不嵌入commons-lang库,请自己实现过滤.您只需要替换< ,> ,',"和& 及其相应的HTML实体.应该不太难.
If you want to make it in Java without embedding the commons-lang library, implement the filtering yourself. You just need to replace <, >, ', " and & with their corresponding HTML entities. Shouldn't be too hard.
这篇关于在App Engine(Java)中处理HTML表单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
