Here is my problem : in my database, I got a VACHAR2 of length 2000. Let's call it the "commentReception".
It is mapped to a String in my Struts bean.
The jspx (that handles both consult and update, within the form) looks that way :
<s:if test="%{consultAction}">
<s:textarea name="dto.commentReception" readonly="true" cssClass="textAreaValue readonly" />
</s:if>
<s:else>
<s:textarea name="dto.commentReception" readonly="false" cssClass="textAreaValue" />
</s:else>
When I submit the form, the bean is filled correctly, meaning without any \r\n at the end, and I get only one line, even in the database : no newlines.
But when I switch to consultAction, or let's say re-edit the form (not consultAction) another time, I get my string with an extra 2 newlines. That's really annoying and I don't know if it comes from Struts or from the tag. (with me probably missing a tag attribute?)
Of course, if I submit the form again, the comment string will be stored in the database with the newlines. So it will add two more new lines every saving of my comment...
Do you know where my problem comes from? Thanks already.
Edit : the generated form
<textarea class="textAreaValue" id="saveControleReception_dto_commentReceiption" rows="" cols="" name="dto.commentReceiption">commentaire contrôle avant reception.
</textarea>
You can see there are some newlines, but they are not taken into account in my bean. But they are somehow when I reload it.
So, it seems that the struts tag is adding by default two \r\n to the String upon loading the bean. That must be some kind of bug. So here is my solution :
<s:if test="%{consultAction}">
<textarea readonly="true" class="textAreaValue readonly"><s:property value="dto.commentReceiption"/></textarea>
</s:if>
<s:else>
<textarea class="textAreaValue" name="dto.commentReceiption"><s:property value="dto.commentReceiption"/></textarea>
</s:else>
I used the html tag instead of Strut's, and the property tag... If someone has a better answer (there must be), I'm still listening ;)
When you save or retreive your data add trim() in case you use mySQL. this will remove the remaining white spaces when you retrieve/seve it
Related
I'm sure someone will mark this as a duplicate question but no other answers worked for me.
I am using ruby and passing a variable into my html page. Let's say my variable "camp_name" is equal to "abc'd"
<%=camp_name%>
This outputs "abc'd" which is what I want.
<input type="text" class="form-control" name="campaign_name" required value='<%=camp_name%>'>
The value in the field is now "abc" because of the single apostrophe. How do i get it to ignore apostrophes? Thanks.
You can escape the variable to html entities:
camp_name.gsub("'", "'")
You should do that for other characters as well, because, as mentioned by a comment, the user could simply insert an HTML tag in your page with your current script. Probably the most important ones are the following:
camp_name.gsub("<", "<")
camp_name.gsub(">", ">")
If you're using Rack (which would definitely be in use if you're using Rails or Sinatra, and it might be there even if you're not), there is a builtin for escaping HTML for just this kind of thing. Calling Rack::Utils#escape_html will replace ampersands, brackets, and quotes with their HTML entities (e.g. ' instead of ').
In your case, you'd want the following code:
<input type="text" class="form-control" name="campaign_name" required value='<%= Rack::Utils.escape_html(camp_name) %>'>
This would evaluate to:
<input type="text" class="form-control" name="campaign_name" required value='abc'd'>
which is the proper way of displaying an apostrophe in HTML.
Just as a side note, displaying user-submitted text without escaping on a website is a very bad idea, because malicious users can add arbitrary Javascript that could render your site useless, add advertisements, and more. You should definitely get into the habit of escaping any text that users can submit before displaying it, either by gsubing manually or using a helper method like this.
I'm developing a browser and I want to automatically insert a string in googles search field, when loading the page. The problem is, that it has no type="text". I've seen an approach to search for an element with name="q" (that's the name of the field), but it seems to be not very elegant, since it's possible, that the name changes over time.
Does anyone has a better idea?
THX
I just checked, when I call both "google.com" and "google.at" the text field has type="text":
<input id="gbqfq" class="gbqfif" name="q" type="text" [...]>
But: Searching for an input field with type="text" is just as brittle as searching for an input field with name="q": Google might add more input fields, rename them, do even more JavaScript magic, ...
If you just want to search for stuff, you cann use the following GET request: https://www.google.com/search?q=QUERY_GOES_HERE - This is probably a lot more stable than inserting text into text fields. (HT to Ethan Brouwer who mentioned this in a comment on your question).
I replaced some input texts to textarea.
Now when I save the content in database, the textarea is saving a string " " in database. As it's a empty content, I want to save null on database, like it happens with the input text field.
Do you know why this occurs?
Would this work for you?
if(empty($_POST['textarea'])){
$_POST['textarea']=NULL;
}
You would also need to make sure that the SQL column supports NULL values.
You should be doing something to sanitize user input before it's added to the database in the first place. If the string is empty, have your sanitizer change it to null before it is saved.
You might benefit from reading an article on SQL Injection (I'm assuming you're working with PHP, but this topic is valid for any code that connects to a database).
There was two spaces in my element. Take look at the code:
<li class="comentarios">
<label for="comentarios">Comentários:</label>
<textarea type="text" rows="5" cols="50"> #comentarios </textarea>
</li>
Hi im working on a system with inputfields.
Normaly i put the input field on one line but now i have made it like this below
<input
type='text'
name='alg_persoonsgegevens_achternaam'
id='alg_persoonsgegevens_achternaam'
class='text dontprintinput'
value='xxxxxxx'
maxlength='50'
size='20'
/>
I was wonderdering if ALL browsers (also IE6..) accept this way because the input is not on one line and I have never seen anyone do it before.
That is valid HTML, so all browsers that can render valid HTML will accept this.
In most cases, different kinds of whitespace are interchangeable, and in this case using a newline is no different than using a space.
I need to post multi-line data via a hidden field. The data will be viewed in a textarea after post. How can I post a newline/carriage return in the html form?
I've tried \r\n but that just posts the actual "\r\n" data
<input type="hidden" name="multiline_data" value="line one\r\nline two" />
Is there a way to do this?
Instead of using
<input type="hidden">
Try using
<textarea style="visibility:hidden;position:absolute;">
While new lines (Carriage Return & Line Feed) are technically allowed in <input>'s hidden state, they should be escaped for compatibility with older browsers. You can do this by replacing all Carriage Returns (\u000D or \r) and all Line Feeds (\u000A or \n) with proprietary strings that are recognized by your application to be a Carriage Return or New Line (and also escaped, if present in the original string).
Simply character entities don't work here, due to non-conforming browsers possibly knowing
and
are new lines and stripping them from the value.
Example
For example, in PHP, if you were to echo the passed value to a textarea, you would include the newlines (and unescaped string).
<textarea>Some text with a \ included
and a new line with \r\n as submitted value</textarea>
However, in PHP, if you were to echo the value to the value attribute of an <input> tag, you would escape the new lines with your proprietary strings (e.g. \r and \n), and escape any instances of your proprietary strings in the submitted value.
<input type="hidden" value="Some text with a \\ included\r\nand a new line\\r\\n as submitted value">
Then, before using the value elsewhere (inserting into a database, emailing, etc), be sure to unescape the submitted value, if necessary.
Reassurance
As further reassurance, I asked the WHATWG, and Ian Hickson, editor of the HTML spec currently, replied:
bfrohs Question about <input type=hidden> -- Are Line Feeds and Carriage Returns allowed in the value? They are specifically disallowed in Text state and Search state, but no mention is made for Hidden state. And, if not, is there an acceptable HTML solution for storing form data from a textarea?
Hixie yes, they are allowed // iirc // for legacy reasons you may wish to escape them though as some browsers normalise them away // i forget if we fixed that or not // in the spec
Source
Depends on the character set really but
should be linefeed and
should be carriage return. You should be able to use those in the value attribute.
You don't say what this is for or what technology you're using, but you need to be aware that you can't trust the hidden field to remain with value="line one
line two", because a hostile user can tamper with it before it gets sent back in the POST. Since you're putting the value in a <textarea> later, you will definitely be subject to, for example, cross site scripting attacks unless you verify and/or sanitize your "multiline_data" field contents before you write it back out.
When writing a value into a hidden field and reading it back, it's usually better to just keep it on the server, as an attribute of the session, or pageflow, or whatever your environment provides to do this kind of thing.