ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button

JavaServer Pages: Generating Dynamic Content
Pages: 1, 2, 3, 4, 5, 6, 7, 8

Formatting HTML Output

If you enter a value containing double quotes in the Name field of the userinfo2.jsp page, it doesn't work right. For example, try "Prince, "the artist"" and you'll see what I mean. Only "Prince," appears in the Name field, and the Birth Date field is not shown at all. What's going on here?

A look at the HTML code generated by the JSP page using your browser's View Source function reveals what's wrong:

<table>
  <tr>
    <td>Name:</td>
    <td><input type="text" name="userName" 
      value="Prince, "the artist"">
    </td>
  </tr>

In the JSP file, double quotes are used to enclose the value of the <input> element's value attribute, so when the value itself includes a double quote, the browser gets confused. The first double quote in the value is interpreted as the end of the value. That's why you see only "Prince," in the field. Even worse, the rest of the value interferes with the interpretation of the rest of the form, causing the next input field to be ignored in most browsers.

One solution to this problem would be to use single quotes around the values instead, since HTML accepts either single quotes or double quotes. But then you would have the same problem if the user enters a value that includes a single quote. Fortunately, there's a better way.

What's needed is special treatment of all characters that can cause HTML interpretation problems when we generate HTML from dynamic strings. One way to handle this is to let the bean take care of the special treatment. The UserInfoBean can do this through another set of properties: userNameFormatted, birthDateFormatted, emailAddrFormatted, sexFormatted, and luckyNumberFormatted.

These are read-only properties that simply represent formatted versions of the corresponding real property values. The bean is designed so that when you use these property names, all troublesome characters in the real property values--such as single quotes, double quotes, less-than symbols, greater-than symbols, and ampersands--are converted to their corresponding HTML character entities (i.e., &#39;, &#34;, &lt;, &gt;, and &amp;). The browser handles the converted values with no problem. If you're curious about the Java code for the formatted properties, it's described in Chapter 15. Example 5-5 shows a JSP page that uses the new properties.

Example 5-5: A JSP Page with Validation and Formatting Using a Bean (userinfo3.jsp)

<%@ page language="java" contentType="text/html" %>
<html>
  <head>
    <title>User Info Entry Form</title>
  </head>
  <body bgcolor="white">
    <jsp:useBean
      id="userInfo"
      class="com.ora.jsp.beans.userinfo.UserInfoBean">
      <jsp:setProperty name="userInfo" property="*" />
    </jsp:useBean>
 
    <%-- Output list of values with invalid format, if any --%>
    <font color="red">
      <jsp:getProperty name="userInfo" property="propertyStatusMsg" />
    </font>
 
    <%-- Output form with submitted valid values --%>
    <form action="userinfo2.jsp" method="post">
      <table>
        <tr>
          <td>Name:</td>
          <td><input type="text" name="userName" 
            value="<jsp:getProperty
                     name="userInfo"
                     property="userNameFormatted"
                   />">
          </td>
        </tr>
        <tr>
          <td>Birth Date:</td>
          <td><input type="text" name="birthDate" 
            value="<jsp:getProperty
                     name="userInfo"
                     property="birthDateFormatted"
                   />">
          </td>
          <td>(Use format yyyy-mm-dd)</td>
        </tr>
        <tr>
          <td>Email Address:</td>
          <td><input type="text" name="emailAddr" 
            value="<jsp:getProperty
                     name="userInfo"
                     property="emailAddrFormatted"
                   />">
          </td>
          <td>(Use format name@company.com)</td>
        </tr>
        <tr>
          <td>Sex:</td>
          <td><input type="text" name="sex" 
            value="<jsp:getProperty
                     name="userInfo"
                     property="sexFormatted"
                   />">
          </td>
          <td>(Male or female)</td>
        </tr>
        <tr>
          <td>Lucky number:</td>
          <td><input type="text" name="luckyNumber" 
            value="<jsp:getProperty
                     name="userInfo"
                     property="luckyNumberFormatted"
                   />">
          </td>
          <td>(A number between 1 and 100)</td>
        </tr>
        <tr>
          <td colspan=2><input type="submit"></td>
        </tr>
      </table>
    </form>
  </body>
</html>

It's not always a good idea to have a bean handle this type of formatting, though. A bean is easier to reuse if it doesn't contain logic that is specific for one type of use, such as generating strings suitable for HTML. When we look at scripting elements and custom actions, we will revisit the subject of HTML formatting and look at other solutions to this problem.

Try the final version of this example by clicking on the "User Info 3 example" link. Now everything works fine, even if you happen to be Prince, "the artist."


1. In fact, Java is the only scripting language formally supported in the JSP specification, but the specification leaves room for other languages to be supported.

2. An element is actually represented by a start tag and an end tag, but the term "tag" is often used to refer to what's formally known as an element.