
CTRL-click, which brings you to where the clicked object is defined, works everywhere - not only on Java classes and variables in Java code, but in Spring configuration (you can click on a class name, or property, or bean name), in Hibernate (you can click on a property name or class, or an included resource); you can navigate within one click from a Java class to where it is used as a Spring or Hibernate bean; clicking on an included JSP or JSTL tag also works, and ctrl-click on a JavaScript variable or function brings you to the place it is defined, or shows a menu if there is more than one place, including other .js files and JS code in HTML or JSP files.

Autocomplete in HSQL expressions, in Hibernate configuration (including class, property and DB column names), and in Spring configuration:

<property name="propName" ref="<hit CTRL-SPACE>"

and it will show you a list of those beans which you can inject into that property.

Very smart autocomplete in Java code:

interface Person {
    String getName();
    String getAddress();
    int getAge();
}
//---
Person p;
String name = p.<CTRL-SHIFT-SPACE>

and it shows you ONLY getName(), getAddress() and toString() (only they are compatible by type), and getName() is first in the list because it has the more relevant name. The latest version, 8, which is still in EAP, has even smarter autocomplete.

interface Country{
}
interface Address {
    String getStreetAddress();
    String getZipCode();
    Country getCountry();
}
interface Person {
    String getName();
    Address getAddress();
    int getAge();
}
//--- 
Person p;
Country c = p.<CTRL-SHIFT-SPACE>
Country c = p.getAddress().getCountry();

Smart autocomplete in JavaScript.

function Person(name,address) {
    this.getName = function() { return name };
    this.getAddress = function() { return address };
}

Person.prototype.hello = function() {
    return "I'm " + this.getName() + " from " + this.get<CTRL-SPACE>;
}

and it shows ONLY getName() and getAddress(), no matter how many get* methods you have in other JS objects in your project, and ctrl-click on this.getName() brings you to where this one is defined, even if there are other getName() functions in your project.

Did I mention autocomplete and ctrl-clicking in paths to files, like <script src="", <img src="", etc?

Autocomplete in HTML tag attributes. Autocomplete in the style attribute of HTML tags, both attribute names and values. Autocomplete in class attributes as well. Type <div class="<CTRL-SPACE> and it will show you a list of the CSS classes defined in your project. Pick one, ctrl-click on it and you will be taken to where it is defined.

The latest version has language injection, so you can declare that your custom JSTL tag usually contains JavaScript and it will highlight JavaScript inside it.

<ui:obfuscateJavaScript>function something(){...}</ui:obfuscateJavaScript>

You can use Find Usages of any Java class or method and it will find where it is used, including not only Java classes but Hibernate, Spring, JSP and other places. Rename Method refactoring renames the method not only in Java classes but anywhere, including comments (it cannot be sure that a string in a comment is really the method name, so it will ask). And it will find only your method even if there are methods of another class with the same name. Good source control integration (does SVN support changelists? IDEA supports them for every source control), ability to create a patch with your changes so you can send your changes to another team member without committing them.

When I look at a HashMap in the debugger's watch window, I see a logical view - keys and values; the last time I did it in Eclipse it was showing entries with hash and next fields - I'm not really debugging HashMap, I just want to look at its contents.

It validates Spring and Hibernate configuration right when you edit it, so I do not need to restart the server to know that I misspelled a class name, or added a constructor parameter so my Spring cfg is invalid.

Last time I tried, I could not run Eclipse on Windows XP x64.

and it will suggest person.name or person.address. Ctrl-click on person.name and it will navigate you to the getName() method of the Person class.

Type Pattern.compile(""); put \\ there, hit CTRL-SPACE and see a helpful hint about what you can put into your regular expression. You can also use language injection here - define your own method that takes a string parameter, declare in the IntelliLang options dialog that your parameter is a regular expression - and it will give you autocomplete there as well. Needless to say, it highlights incorrect regular expressions.

There are a few features which I'm not sure are present in Eclipse or not. But at least each member of our team who uses Eclipse also uses some merging tool to merge local changes with changes from source control, usually WinMerge. I never need it - merging in IDEA is enough for me. In 3 clicks I can see the list of file versions in source control; in 3 more clicks I can compare previous versions, or the previous and current one, and possibly merge.

It allows me to specify that I need all .jars inside the WEB-INF\lib folder, without picking each file separately, so when someone commits a new .jar into that folder it picks it up automatically.

What I mentioned above is probably 10% of what it does. I do not use Maven, Flex, Swing, EJB and a lot of other stuff, so I cannot tell how it helps with them. But it does.

The two examples about auto-completing java code work identically in eclipse. Could someone with more rep delete just the java examples please?

Most of your examples are available in Eclipse, either directly or via 3rd party plugins. I know of no one who uses an external tool for svn merge in Eclipse. For spring/hibernate/javascript editors (and autocomplete) there are 3rd party plugins. As for regex and jsp EL, you beat me :)

The JBoss Tools plugin adds autocomplete of Hibernate and JSF expressions.

For the eclipse debugging view there is an option to show the contents of the collections rather than the implementation details. For lists and sets, it'll show their contents. For maps, it'll show a list of key-value pairs. It's also possible to set custom displays up.

java - Things possible in IntelliJ that aren't possible in Eclipse? - ...


I have used the struts framework and find it fairly easy to learn. When using the struts framework each page of your site will have the following items.

1) An action, which is called every time the HTML page is refreshed. The action should populate the data in the form when the page is first loaded and handle interactions between the web UI and the business layer. If you are using the jsp page to modify a mutable java object, a copy of the java object should be stored in the form rather than the original, so that the original data doesn't get modified unless the user saves the page.

2) The form, which is used to transfer data between the action and the jsp page. This object should consist of a set of getters and setters for attributes that need to be accessible to the jsp file. The form also has a method to validate data before it gets persisted.

3) A jsp page, which is used to render the final HTML of the page. The jsp page is a hybrid of HTML and special struts tags used to access and manipulate data in the form. Although struts allows users to insert Java code into jsp files, you should be very cautious about doing that because it makes your code more difficult to read. Java code inside jsp files is difficult to debug and cannot be unit tested. If you find yourself writing more than 4-5 lines of java code inside a jsp file, the code should probably be moved to the action.

Note: In struts 2 the Form object is referred to as a Model instead but works the same way as I described in my original answer.

java - Design Patterns web based applications - Stack Overflow


If you want to create a CDATA section with the markup of DOM nodes, then you first need to serialize those nodes, which can be done in Java either using a default transformer or the DOM Load/Save API. So I would create a document fragment node and appendChild all child nodes of the param to the document fragment, then serialize the document fragment to a string; then you can use your code to create a CDATA section and appendChild it to the param.

Here is a simple example; the imports needed are

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;

import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSSerializer;

then the code to read in the document and find the element is as you posted, and a DocumentFragment is used to assemble all child nodes removed from the element:

DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setNamespaceAware(true);

DocumentBuilder docBuilder = docFactory.newDocumentBuilder();

Document doc = docBuilder.parse("sample1.xml");

DocumentFragment frag1 = doc.createDocumentFragment();

Element param = (Element) doc.getElementsByTagName("param5").item(0);

// move (not copy) every child node of param5 into the fragment
while (param.hasChildNodes())
{
    frag1.appendChild(param.getFirstChild());
}

Then an LSSerializer and its writeToString method serialize the fragment to a string; the CDATA section is created from that string and appended back to the now-empty element, and finally the whole document is serialized again to show the result:

DOMImplementationLS lsImp = (DOMImplementationLS) doc.getImplementation();

LSSerializer ser = lsImp.createLSSerializer();
// serialize the fragment without an <?xml ...?> declaration in front of it
ser.getDomConfig().setParameter("xml-declaration", false);

String xml = ser.writeToString(frag1);

System.out.println(xml);

param.appendChild(doc.createCDATASection(xml));

System.out.println(ser.writeToString(doc));
The last writeToString(doc) call prints:

<content>
    <records>
        <record>
            <param1>1</param1>
            <param2>25</param2>
            <param3>34</param3>
            <param4>b</param4>
            <param5><![CDATA[
                <p>this is html that should be wrapped with CData including the p tags.</p>
            ]]></param5>
        </record>
    </records>
</content>

Thank you! This is what I was asking for in the first place. I was planning on writing an answer using the LSSerializer class to serialize the node, then copy the HTML markup and content and pass it to the setTextContent method on the original node. Do you have any examples you can provide with the default transformer and/or DOM Load/Save API? Thanks, again.

@user3621633, I have edited the answer to show some code snippets that move the child nodes of the element to a DocumentFragment node, serialize that to a String and then create and add a CDATA section to the element.

Thank you very much! I see that. Maybe I wasn't clear in my question and that's why I was getting questions about using CData and XSLT but this is exactly what I was looking for! Thank you!!

@user3621633 I still don't see how this is going to help you get the HTML output you are looking for. Transforming this result with the XSLT stylesheet you "don't have control over" will produce something very different.

The pay-grade above me said use CData so I'm using CData. That's what they want. It's not as if the XSL will change dramatically but it could be tweaked over time by another party. With the answer above, it works great and as long as the people above me are happy with it, I'm good :)

How to wrap HTML content in CData (Java) for XSLT - XML to HTML - Stac...


First of all, you'll want to read this JavaMail FAQ entry that tells you how to find the main message body. As written, it prefers an html body over a plain text body in cases where the message contains both. It should be clear how to reverse that preference.

But, not all messages will contain both html and plain text versions of the message body. If you get only html, you're going to have to write your own code to process the string and remove the html tags, or use some other product to process the html and remove the tags.

Thanks for the comment, but I cannot see why the order means something in the link you posted. And does changing the order of if - else change the preference and the output? Can you specify a little more?

Per RFC 2046, which defines multipart/alternative, the alternatives appear in order of increasing faithfulness to the original content. That means you'll find text/plain before text/html. If you prefer text/plain, you can change that code to return as soon as it finds text/plain content; there's no need to continue looking for other body parts.

Ok thanks. I decided to retrieve the whole message as html because it contains more information. I prefer to maintain the structure of emails and not mess up all the text.

At last I used Jsoup and it works fine. The trick is, you have to remove the <head> part manually first, and Jsoup does the rest.
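The RFC 2046 ordering described in the thread, as an added example that is not part of the original answer: a part-tree walk that returns the first text/plain body it meets, which inside multipart/alternative is the least-faithful alternative, so a plain-text preference needs no look-ahead. It assumes the javax.mail (JavaMail 1.x) API; the sample message is constructed inline.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

import javax.mail.Multipart;
import javax.mail.Part;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;

public class PlainTextFirst {

    /**
     * Constructed sample: multipart/alternative with text/plain listed
     * before text/html, which is the order RFC 2046 prescribes.
     */
    static final String RAW = String.join("\r\n",
        "From: alice@example.com",
        "To: bob@example.com",
        "Subject: demo",
        "MIME-Version: 1.0",
        "Content-Type: multipart/alternative; boundary=\"b1\"",
        "",
        "--b1",
        "Content-Type: text/plain; charset=us-ascii",
        "",
        "Hello Bob, plain version.",
        "--b1",
        "Content-Type: text/html; charset=us-ascii",
        "",
        "<html><body><p>Hello <b>Bob</b>, html version.</p></body></html>",
        "--b1--",
        "");

    /**
     * Depth-first walk of the part tree. Returning on the first text/plain
     * part is what makes this prefer plain text over HTML: in a
     * multipart/alternative the plain alternative precedes the HTML one.
     * Nested multipart/mixed or multipart/related containers are searched
     * in document order. Returns null when the message has no plain body.
     */
    static String plainText(Part p) throws Exception {
        if (p.isMimeType("text/plain")) {
            return (String) p.getContent();
        }
        if (p.isMimeType("multipart/*")) {
            Multipart mp = (Multipart) p.getContent();
            for (int i = 0; i < mp.getCount(); i++) {
                String found = plainText(mp.getBodyPart(i));
                if (found != null) {
                    return found;
                }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Session session = Session.getInstance(new Properties());
        MimeMessage msg = new MimeMessage(session,
            new ByteArrayInputStream(RAW.getBytes(StandardCharsets.US_ASCII)));
        System.out.println(plainText(msg));
    }
}
```

If a sender violates the ordering and puts text/html first, this walk still returns the plain part because it keeps scanning until it finds one; only a message with no text/plain part at all yields null, which is the case where the answer's HTML-stripping advice applies.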

Extract only text part of email body using javamail, without html cont...


The problem with XSS is that it's context dependent. You need to encode differently depending on where you're displaying the user output (e.g., different encoding for data you're placing between javascript tags, or in the uri, or between html tags). OWASP Java Encoder sets up different contexts you can encode/decode for. If the data is just output through a jsp tag, then I would use

Encode.forHtml("input here");

You can also encode for javascript:

Encode.forJavaScript("input here");

You can download it on the owasp site, or through maven (look on the github link).

This library also allows you to do the encoding through JSP tags in your JSP pages, but you'll have to dig around a bit to find the doco for that. I've always done it in Java.
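The context dependence described above, as an added example that is not code from the answer or from the OWASP project: one untrusted value rendered into four output contexts, each with the matching OWASP Java Encoder method, plus the nesting case (a URI inside an attribute) where two encoders have to be applied inside-out. It assumes the org.owasp.encoder:encoder artifact is on the classpath; the input string is constructed for the demonstration.

```java
import org.owasp.encoder.Encode;

public class ContextualEncoding {

    /** Constructed sample: a value that would break out of any unencoded context. */
    static final String UNTRUSTED = "Bob\" onmouseover=\"x\"><script>alert('x')</script>";

    /** Text between tags: <p>...</p>. */
    static String htmlBody(String value) {
        return "<p>Hello, " + Encode.forHtml(value) + "</p>";
    }

    /** Quoted attribute value: <input value="..."> (quotes must be neutralised). */
    static String htmlAttribute(String value) {
        return "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(value) + "\">";
    }

    /**
     * String literal inside a script block. HTML encoding is wrong here:
     * the browser does not HTML-decode inside <script>, so only the
     * JavaScript encoder keeps the value inside the quotes.
     */
    static String jsString(String value) {
        return "<script>var name = '" + Encode.forJavaScript(value) + "';</script>";
    }

    /**
     * Query-string parameter inside an href. The attribute context wraps the
     * URI context, so encode inside-out: URI component first, then the
     * resulting href as an HTML attribute value.
     */
    static String linkParam(String value) {
        String href = "/search?q=" + Encode.forUriComponent(value);
        return "<a href=\"" + Encode.forHtmlAttribute(href) + "\">search</a>";
    }

    public static void main(String[] args) {
        System.out.println(htmlBody(UNTRUSTED));
        System.out.println(htmlAttribute(UNTRUSTED));
        System.out.println(jsString(UNTRUSTED));
        System.out.println(linkParam(UNTRUSTED));
    }
}
```

Run it and compare the four outputs: the same `<`, `"` and `'` characters come out as entity references in the HTML contexts and as `\x`-style escapes in the JavaScript one, which is why a single "escape everything" helper cannot serve all of them.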

security - XSS : input validation from server side - Stack Overflow


Look at http://java-source.net/open-source/html-parsers for a list of java libraries that parse html files into java objects that can be manipulated.

If the html files you are working with are well formed (xhtml) then you can also use XML libraries in java to find particular tags and modify them. The IO itself should be handled by the particular libraries you are using.

If you choose to manually parse the strings you could use regular expressions to find particular tags and use the java io libraries to write to the files and create new html documents. But this method reinvents the wheel so to speak because you have to manage tag opening and closing and all of those things are handled by pre-existing libraries.

How to parse and modify HTML file in Java - Stack Overflow


If your target platform is really Enfinity - as you are stating in your questions and in the tags - you should be using the Enfinity constructs even though this is not completely what you know from JSP. Please allow me to reopen this old thread and try to help you with that.

Enfinity has its own "templating language" called ISML. In the end ISML is precompiled to JSP. You can find documentation with any installation of the Enfinity application server (a PDF called enfsuite_dev_programming). You should ask your project manager or build engineer if you don't have it available.

On the other hand, I read from your statement that you possibly have Enfinity Studio available (which is the IDE of Enfinity - a derivative of Eclipse). You should be able to access the developer guide through Enfinity Studio's Help menu. This menu may have some errors in some versions of the Studio, unfortunately. However, you can get there through Window > Show View > Other > Help. At the bottom of the help window is a "Content" link that will take you to the overview. The developer guide is under the table of contents link Enfinity Suite Application Programming Guide.

However you get to the guide: in the appendix you will find a section "Reference > ISML Tags / ISML Functions / ISML Modules". Browsing through it you will find the function:

<isprint value="#value#" encoding="on|off">

Encoding is "on" by default and this statement will do exactly what you need: it will encode all HTML special characters in #value#. The special thing here is that the key value matches an object in the so-called Pipeline Dictionary, which is a construct storing objects coming out of the Enfinity business logic workflow layer (so-called pipelines).

This pipeline dictionary can be manipulated in JSP using:

Map<String, Object> pdict = getPipelineDictionary();

The dictionary is a standard java Map and can be manipulated using the known operations. However, the preferred way would be using pipelines or at least the respective ISML tag:

<isset name="name" value="#value#" scope="request|session">

A full example for usage with JSP/ISML would be:

<%
String myString = "<b>Test</b>";
getPipelineDictionary().put("myDictKey", myString);
%>
<isprint value="#myDictKey#">

Hi! Finally someone who can understand what program I was talking about! I was using ISPRINT with encoding ON, but some unencoded characters are still passing through. If not, I would not be freaking out searching for a solution. My supervisor told me to use ISHTMLPRINT instead, but the same thing still happened. After lots of horrible trial and error, I finally resorted to the most manual solution: creating my own custom ISML tag, because that allows me to use a java library to solve this problem. But I learned something new from your answer as well. Thank you for your descriptive and clear answer!

java - Escaping HTML characters in JSP without special library - Stack...


I decided to use Apache Tika. It has an HtmlEncodingDetector class to find HTML meta tags. When that fails due to meta tags not existing I fallback to Tika's UniversalEncodingDetector. (The latter is a wrapper for juniversalchardet. I use the wrapper instead of calling juniversalchardet directly because it's handy for both detectors to have the same Java interface.)

The only caveat is that Tika is quite a large project and adding it pulled in a large number of irrelevant dependencies.
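The detector chain described above, as an added example that is not the answerer's code: Tika's HtmlEncodingDetector is tried first (it reads the meta tags), UniversalEncodingDetector second, and the result is passed to Jsoup as an explicit charset so Jsoup does no sniffing of its own. It assumes the Tika parser modules and Jsoup are on the classpath; the UTF-8 last resort and the two sample documents are constructed for the demonstration.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

import org.apache.tika.detect.EncodingDetector;
import org.apache.tika.metadata.Metadata;
import org.apache.tika.parser.html.HtmlEncodingDetector;
import org.apache.tika.parser.txt.UniversalEncodingDetector;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

public class CharsetFallback {

    /** Detectors in preference order: a declared charset beats a guessed one. */
    private static final EncodingDetector[] CHAIN = {
        new HtmlEncodingDetector(),       // <meta charset> / http-equiv Content-Type
        new UniversalEncodingDetector()   // byte-statistics guess (juniversalchardet)
    };

    /** Assumed last resort when neither detector returns anything. */
    private static final Charset DEFAULT = StandardCharsets.UTF_8;

    static Charset detect(byte[] html) throws IOException {
        for (EncodingDetector detector : CHAIN) {
            // Each detector reads ahead and resets, so give each one a fresh
            // mark-supporting stream over the same bytes.
            try (InputStream in = new BufferedInputStream(new ByteArrayInputStream(html))) {
                Charset found = detector.detect(in, new Metadata());
                if (found != null) {
                    return found;
                }
            }
        }
        return DEFAULT;
    }

    static Document parse(byte[] html, String baseUri) throws IOException {
        Charset cs = detect(html);
        // A non-null charset name makes Jsoup use it instead of sniffing.
        return Jsoup.parse(new ByteArrayInputStream(html), cs.name(), baseUri);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample 1: declares its charset in a meta tag.
        byte[] declared = ("<html><head><meta charset=\"ISO-8859-1\"></head>"
            + "<body>caf\u00e9</body></html>").getBytes(StandardCharsets.ISO_8859_1);
        // Constructed sample 2: no meta tag, UTF-8 bytes with non-ASCII text.
        byte[] undeclared = "<html><body><p>Gr\u00fc\u00dfe aus K\u00f6ln, caf\u00e9, na\u00efve</p></body></html>"
            .getBytes(StandardCharsets.UTF_8);

        for (byte[] sample : new byte[][] { declared, undeclared }) {
            Charset cs = detect(sample);
            Document doc = parse(sample, "http://example.invalid/");
            System.out.println(cs + " -> " + doc.body().text());
        }
    }
}
```

The statistical detector may return null on very short or mostly-ASCII input, which is exactly when the constructed UTF-8 default is used; log that case if the charset matters downstream.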

html - Can I give jsoup a fallback character encoding to use when meta...
