Reputation: 1371
String is saved wierdly in html hidden input
I have a String like follows which is coming from server side
String productIDs = "[{"productID":"226167","productName":"It is my life (Bingo)"},{"productID":"3193","productName":"It is your name (jingo)"},{"productID":"273838","productName":"It's the same milk/Butter i drink/ate yesterday"}]"
Now I am saving it in a hidden input field this string
<input type="hidden" class="hiddenInput" value="<%=productIDs %>" />
But when i checked it through firebug it is saved very wierdly as follows
<input type="hidden" class="hiddenInput" yesterday"}]"="" is ="" my ="" Butter ="" life ="" (Bingo)"},{"productid":"273838","productname":"It ="" crmo="" (paar)"},{"productid":"3193","productname":"It ="" milk="" same ="" flip-off="" productid":"226167","productname":"It ="" value="[{" />
Anybody has got any idea why this is happening?
Upvotes: 1
Views: 641
Answers (4)
Reputation: 15775
Problem is with the way you're saving the string, you have to switch the type of quotes you use otherwise js doesn't know where the string ends and starts.
In your question it would look like this:
String productIDs = "[{'productID':'226167','productName':'It is my life (Bingo)'},{'productID':'3193','productName':'It is your name (jingo)'},{'productID':'273838','productName':'It's the same milk/Butter i drink/ate yesterday'}]"
You can also use \" instead of ' but that, to me, is alot more confusing.
Edit
You can do this using the following code:
strUWantToChange.replace('"',"'");
Upvotes: 2
Reputation: 691913
As already said by other answers, quotes must be escaped. These are not the only characters that should be escaped. <, >, ' and & should systematically be escaped in HTML. The risks are
- invalid HTML
- broken page
- XSS attacks and security vulnerabilities
Whenever you must display data for which you're not absolutely sure that it doesn't contain any of such characters (for example : data coming, directly or indirectly, from the user, free textual data in general), escape this data.
This is done, in JSP by two simple constructs:
- the JSTL
<c:out>tag: - the JSTL
fn:escapeXmlEL function:${fn:escapeXml(productIDs)}
Scriptlets should not be used for years in JSP. Use the JSTL, other custom tags, and the EL.
Upvotes: 1
Reputation: 117607
Try this:
String productIDs = "[{\"productID\":\"226167\",\"productName\":\"It is my life (Bingo)\"},{\"productID\":\"3193\",\"productName\":\"It is your name (jingo)\"},{\"productID\":\"273838\",\"productName\":\"It's the same milk/Butter i drink/ate yesterday\"}]";
Upvotes: 0
Reputation: 262684
If you have quotes in your String, you need to escape them before pasting it into HTML.
Upvotes: 1
Related Questions
- JSP input comes null to servlet
- Incorrect hidden form field value being submitted to servlet
- Sending hidden input field values comes back null
- Strange characters appearing in input type in html (working on java)
- Hidden Input is giving null in servlet
- hidden input in JSP returns null in the Servlet
- Retrieving Hidden input value using java
- JSP : Hidden field is not getting submitted
- Hidden input in JSP produces null when passing it to the servlet
- Weird jsp behaviour