I am new to web development with Java in general, but I have some background in Java programming, so I chose the Java version of App Engine. Before that I only had web projects involving PHP.
Is there any elegant way in App Engine to handle HTML forms that are sent to my servlet and escape them properly? The examples in the App Engine docs only refer to escaping XML in the JSP that displays the info to the user, but I would like to have clean text without XML in my Datastore to minimize accidental errors.
I am currently using the StringEscapeUtils from the Apache Commons package, but I would prefer a solution included in App Engine, since I have to deploy the commons jars with my app. Is the only other way to parse the strings myself with regex?
You should not escape what is sent by the user. Leave it as it is, and store it as it is in the database. This data might be XML for a good reason, and the data might be used by something other than a webapp, which doesn't care about HTML escaping. And even in the webapp, it could be sent as part of a JSON object, where HTML escaping is not needed.
When generating an HTML page containing this data, you must escape the HTML-special characters to make sure everything is displayed correctly. StringEscapeUtils is just fine, and bundling jars with your app is perfectly normal. If you're using JSPs to generate the HTML markup, use the JSTL `<c:out>` tag, or the JSTL `fn:escapeXml()` function.

If you want to do it in Java without embedding the commons-lang library, implement the filtering yourself. You just need to replace `<`, `>`, `'`, `"` and `&` with their corresponding HTML entities. Shouldn't be too hard.
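The output-time escaping the answer describes, as an added example (not code from the original post, App Engine or commons-lang). The class name, the method name and the sample form value are assumptions; the escaper is written as a single pass so that `&` can never be double-escaped, which is the classic mistake when chaining `String.replace()` calls in the wrong order.

```java
/** Escapes the five HTML-special characters at the moment HTML is generated.
 *  Stored data stays verbatim; only the rendered view is escaped. (Added example.) */
public final class HtmlEscaper {

    private HtmlEscaper() {}

    /** Single pass over the input: each special character is mapped to its entity
     *  exactly once, so "&lt;" can never become "&amp;lt;" as it would with
     *  chained replace() calls that handle '&' after '<'. Null renders as "". */
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break; // &apos; is not defined in HTML 4
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the markup a servlet would write: the stored value is escaped here,
     *  once, at the boundary between data and HTML. */
    public static String renderComment(String storedComment) {
        return "<p class=\"comment\">" + escapeHtml(storedComment) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample of a form field as it would be stored in the Datastore, unmodified.
        String stored = "Tom & Jerry wrote \"<b>it's</b> fine\"";
        System.out.println(renderComment(stored));
        // Escaping the already-rendered markup again shows why escaping must happen only once:
        // the tags and entities themselves get mangled into visible text.
        System.out.println(escapeHtml(renderComment(stored)));
    }
}
```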