JSTL function to replace quote chars inside a string?

别那么骄傲 2020-12-20 14:50

What is the simplest way to replace quote characters with \\\" sequence inside string values?

2 Answers
  • That'll be the fn:replace() function.

    <%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
    ...
    ${fn:replace(foo, '"', '\\"')}
    

    Unrelated to the concrete question, this is an often recurring requirement in order to prevent malformed HTML when redisplaying user-controlled input as an HTML attribute. Normally, you should use <c:out> or fn:escapeXml() for this instead. E.g.

    <input name="foo" value="<c:out value="${param.foo}" />" />
    <input name="foo" value="${fn:escapeXml(param.foo)}" />
    

    It not only takes quotes into account, but also all other XML special characters like <, >, &, etc.

    See also:

    • XSS prevention in JSP/Servlet web application
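
An added example, not part of either answer: this Java sketch compares the result of the fn:replace() substitution with an fn:escapeXml()-style escape when the string is written into a double-quoted HTML attribute. The class name, helper names and sample input are constructed for illustration, and escapeXml here is a stand-in written for this example, not JSTL's own code.

```java
public class AttributeEscapeDemo {

    // Same substitution as ${fn:replace(foo, '"', '\\"')}: each " becomes \"
    static String backslashQuotes(String s) {
        return s.replace("\"", "\\\"");
    }

    // Stand-in for fn:escapeXml(): escapes the five XML special characters.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Raw text an HTML parser reads as the value of a double-quoted attribute:
    // everything up to the first literal ". HTML has no backslash escaping,
    // so \" still closes the attribute.
    static String parsedAttributeValue(String markupValue) {
        int end = markupValue.indexOf('"');
        return end < 0 ? markupValue : markupValue.substring(0, end);
    }

    public static void main(String[] args) {
        // Constructed sample input containing quotes, angle brackets and an ampersand.
        String input = "Tom \"The Cat\" <tom@example.com> & co";

        String replaced = backslashQuotes(input);
        String escaped = escapeXml(input);

        System.out.println("<input name=\"foo\" value=\"" + replaced + "\" />");
        System.out.println("  parser sees value: [" + parsedAttributeValue(replaced) + "]");

        System.out.println("<input name=\"foo\" value=\"" + escaped + "\" />");
        System.out.println("  parser sees value: [" + parsedAttributeValue(escaped) + "]");
    }
}
```

With the backslash version the attribute value stops at the first quote in the input and the rest spills into the tag; with the escaped version the whole string stays inside the attribute.
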
  • 2020-12-20 15:05

    Use JavaScript replace (with /g to replace all occurrences)

    string.replace(/"/g, '\\"')
    