Escaping special characters in velocity template
I have this template in vm:
<div>
$submitterMessage
</div>
The variable $submitterMessage contains special characters like è, à, ò.
In my template the output of the variable is: � � � �
How can I resolve it?
Thanks
In that context you should apply HTML encoding/escaping. According to Velocity, a ready function is: http://velocity.apache.org/tools/devel/generic/EscapeTool.html#html%28%29
For a more complex context like HTML attributes, nested JavaScript, etc., you could also use ESAPI by OWASP or http://www.unbescape.org/. This will also prevent XSS vulnerabilities in your code.
Last but not least, you would probably want to work with a UTF-8 output; set the right content type header in the HTTP response and in the HTML headers in the page.
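The two points of the answer side by side, as an added example that is not part of the original question or answer: the same template rendered with a charset mismatch, with matching charsets, and with `$esc.html()`. It assumes the Velocity engine and the Velocity Tools generic jar are on the classpath; the class name `EscapeDemo` and the sample message are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.tools.generic.EscapeTool;

public class EscapeDemo {  // hypothetical class name
    // Render a template string and return the bytes that would go on the wire.
    static byte[] render(String template, String message, Charset wire) throws Exception {
        VelocityEngine engine = new VelocityEngine();
        engine.init();
        VelocityContext ctx = new VelocityContext();
        ctx.put("esc", new EscapeTool());        // makes $esc.html(...) available
        ctx.put("submitterMessage", message);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (Writer w = new OutputStreamWriter(out, wire)) {
            engine.evaluate(ctx, w, "demo", template);
        }
        return out.toByteArray();
    }

    // Decode the rendered bytes the way a client told "charset=UTF-8" would.
    static String asSeenByUtf8Client(byte[] wireBytes) {
        return new String(wireBytes, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an accented letter plus markup from an untrusted user.
        String msg = "perch\u00e8 <script>alert(1)</script>";
        String raw = "<div>$submitterMessage</div>";
        String escaped = "<div>$esc.html($submitterMessage)</div>";

        // 1. Written as ISO-8859-1, read as UTF-8: the lone 0xE8 byte is malformed
        //    UTF-8, so the client substitutes the replacement character.
        System.out.println(asSeenByUtf8Client(render(raw, msg, StandardCharsets.ISO_8859_1)));
        // 2. Written and read as UTF-8: the letter survives, but the markup is still live.
        System.out.println(asSeenByUtf8Client(render(raw, msg, StandardCharsets.UTF_8)));
        // 3. Escaped: markup and accented letters become ASCII entities, so the output
        //    no longer depends on the wire charset and the script tag is inert text.
        System.out.println(asSeenByUtf8Client(render(escaped, msg, StandardCharsets.ISO_8859_1)));
        // In a servlet, the matching declaration is
        // response.setContentType("text/html; charset=UTF-8") before getting the writer.
    }
}
```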