htmlEscape and databinding

**MikeCohen** · Sep 28th, 2005, 12:21 AM

How do you handle the case where you want user input from a form to be htmlEscape'd when you are binding to a command object? Looks like I'm going to override createBinder in my controller and return my own subclass of ServletRequestDataBinder which simply overrides the bind method and simply htmlEscapes the MutablePropertyValues. A simple implementation would escape every request parameter. Perhaps a little inefficient but oh well. Any ideas?

**katentim** · Sep 28th, 2005, 01:27 AM

How do you handle the case where you want user input from a form to be htmlEscape'd when you are binding to a command object?

Are you sure you want to do this? Usually you HTML escape raw data only when displaying via HTML.

**MikeCohen** · Sep 28th, 2005, 06:24 AM

i know, it's normally unnecessary, but in this case it is a requirement.

Thread: htmlEscape and databinding

Thread Tools

Display

htmlEscape and databinding

Posting Permissions