Author: pbenedict
Date: Fri Jun 29 20:25:13 2007
New Revision: 552086
URL: http://svn.apache.org/viewvc?view=rev&rev=552086
Log:
STR-1922: Add filterArgs parameter
Modified:
struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
Modified:
struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
URL:
http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java?view=diff&rev=552086&r1=552085&r2=552086
==============================================================================
---
struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
(original)
+++
struts/struts1/trunk/taglib/src/main/java/org/apache/struts/taglib/html/MessagesTag.java
Fri Jun 29 20:25:13 2007
@@ -103,6 +103,12 @@
*/
protected String message = null;
+ /**
+ * Filter the message replacement values for characters that are
+ * sensitive in HTML? Default is <code>false</code>.
+ */
+ protected boolean filterArgs = false;
+
public String getId() {
return (this.id);
}
@@ -167,6 +173,14 @@
this.message = message;
}
+ public boolean getFilterArgs() {
+ return (this.filterArgs);
+ }
+
+ public void setFilterArgs(boolean filterArgs) {
+ this.filterArgs = filterArgs;
+ }
+
/**
* Construct an iterator for the specified collection, and begin looping
* through the body once per element.
@@ -256,8 +270,13 @@
String msg = null;
if (report.isResource()) {
+ Object[] values = report.getValues();
+ if (filterArgs) {
+ values = filterMessageReplacementValues(values);
+ }
+
msg = TagUtils.getInstance().message(pageContext, bundle, locale,
- report.getKey(), report.getValues());
+ report.getKey(), values);
if (msg == null) {
String bundleName = (bundle == null) ? "default" : bundle;
@@ -277,6 +296,30 @@
}
/**
+ * Performs filtering on the elements of specified Array.
+ * Filtering is only performed on elements which are instances of
+ * <code>String</code>.
+ *
+ * @param values The message values to be filtered
+ */
+ private Object[] filterMessageReplacementValues(Object[] values) {
+ if (values == null) {
+ return (null);
+ }
+
+ Object[] filteredArgs = new Object[values.length];
+ for (int i = 0; i < values.length; ++i) {
+ if (values[i] instanceof String) {
+ filteredArgs[i] = TagUtils.getInstance().filter((String)
values[i]);
+ } else {
+ filteredArgs[i] = values[i];
+ }
+ }
+
+ return filteredArgs;
+ }
+
+ /**
* Clean up after processing this enumeration.
*
* @throws JspException if a JSP exception has occurred
@@ -310,5 +353,6 @@
header = null;
footer = null;
message = null;
+ filterArgs = false;
}
}
Modified:
struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
URL:
http://svn.apache.org/viewvc/struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld?view=diff&rev=552086&r1=552085&r2=552086
==============================================================================
--- struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
(original)
+++ struts/struts1/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
Fri Jun 29 20:25:13 2007
@@ -5353,6 +5353,26 @@
</description>
</attribute>
<attribute>
+ <name>filterArgs</name>
+ <required>false</required>
+ <rtexprvalue>true</rtexprvalue>
+ <description>
+ <![CDATA[
+ By default no filtering to escape XML characters like
"<"
+ occurs on the replacement values going into the message
pattern.
+ If this attribute is set to 'true', the replacement values
will
+ be filtered, while the text of the message pattern itself will
+ be left intact. This can be useful if you have markup in your
+ message patterns which you want to keep, but would like to
+ filter the replacement values going into them, e.g. if they
+ reflect user input. For instance:
+
+ <pre>errors.divideZero=The mathematical expression
+ <strong>{0}</strong> caused a divide by zero.</pre>
+ ]]>
+ </description>
+ </attribute>
+ <attribute>
<name>locale</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
