1

Say I am displaying an escaped value in HTML with the code below, inside a text area:

     <c:out value="${person.name}" />

My question: do I need to decode this value on the server side manually, or will the browser do it automatically?

emilly

2 Answers

1

No, you need not decode this value manually. All you need is:

  1. Specify your HTTP response content type encoding as UTF-8. To be precise, use `HttpServletResponse.setContentType("text/html;charset=utf-8");`.
  2. Your JSP should have its content type encoding set to UTF-8. To be precise, add this meta tag to your JSP and you should be good to go: `<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>`

When you have this tag in your JSP, the browser will understand that the content of this page should be rendered as per UTF-8 encoding rules.

If you don't specify the page encoding explicitly using this kind of meta tag or some other mechanism, then the browser uses its default encoding while rendering the page, and you may not see the expected result, especially for characters from Unicode's advanced blocks of BMP and Supplementary Multilingual Plane. Check this on how to see the default encoding of browser.


Concept

The server should specify the desired encoding scheme in the "response stream", and the same encoding scheme should be used in the JSP/ASP/HTML page.

Server side encoding options

PHP: `header('Content-type: text/html; charset=utf-8');`

Perl: `print "Content-Type: text/html; charset=utf-8\n\n";`

Python: Use the same solution as for Perl (except that you don't need a semicolon at the end).

Java Servlets: `resource.setContentType("text/html;charset=utf-8");`

JSP: `<%@ page contentType="text/html; charset=UTF-8" %>`

ASP and ASP.Net: `<%Response.charset="utf-8"%>`


Client side encoding options

Use the following meta tag in your HTML page: `<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>`


Further reading:

hagrawal7777
  • My question is actually: once I escape the data in the browser with c:out, do I need to decode it on the server side, i.e. in my servlet? – emilly Nov 20 '15 at 04:28
  • `c:out` is to display something in browser which is coming from server .. It is not meant to push something to server .. So, what you are saying is not possible in first place .. In any case, if you want to handle the encoding on your HTTP request object then use `request.setCharacterEncoding("UTF-8");` .. Read the answer link I have provided in "Further reading" to get in depth details on server and client side encoding details .. – hagrawal7777 Nov 20 '15 at 13:24
  • I understand that `c:out is to display something in browser which is coming from server .. ` but what I am asking is: once some output has been displayed in the browser with c:out and the form is now submitted back to the server, do I have to decode the code in my servlet again? – emilly Nov 22 '15 at 14:54
  • For example: I use c:out on the input `h&Agrawal`; it will render in the browser as `h&Agrawal`, though it will be displayed as HAgrawal only in HTML. My question is: when I submit the HTML form back to the server, do I need to decode explicitly in my servlet to convert `h&Agrwal` to `hAgrawal`? – emilly Nov 22 '15 at 14:57
  • I started my answer with the same point, that you don't need to do it manually. You would not face any issue (moreover, you are using characters from the ASCII table http://www.asciitable.com/, which is always safe without any encoding), but in case you are facing any issues, I have provided the solution for that as well. – hagrawal7777 Nov 22 '15 at 17:21
  • Em, does it answer your question? Please feel free to let me know in case of any other question. – hagrawal7777 Nov 25 '15 at 14:43
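
The round trip discussed in the answer and comments above, as an added example that is not part of the original posts. It is a Python model, not JSP code: `html.escape` stands in for the escaping `<c:out>` performs, `html.unescape` for the browser's HTML parser, and `parse_qs` for `request.getParameter`; all function names and sample values are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlencode


def render_textarea(value: str) -> str:
    """Server: escape for the HTML context (stand-in for <c:out>)."""
    return f'<textarea name="name">{html.escape(value, quote=True)}</textarea>'


def browser_submit(page: str) -> str:
    """Browser (modelled): the HTML parser decodes character references,
    so the form field holds the original text, which is then URL-encoded."""
    start = page.index(">") + 1  # end of the opening <textarea ...> tag
    end = page.rindex("</textarea>")
    field_text = html.unescape(page[start:end])
    return urlencode({"name": field_text})


def servlet_get_parameter(body: str) -> str:
    """Server: the container URL-decodes the body (stand-in for getParameter)."""
    return parse_qs(body, keep_blank_values=True)["name"][0]


def round_trip(stored: str, decode_again: bool = False) -> str:
    """Render a stored value, submit the form unchanged, read it back."""
    received = servlet_get_parameter(browser_submit(render_textarea(stored)))
    # decode_again models a servlet that HTML-unescapes the parameter by hand.
    return html.unescape(received) if decode_again else received


if __name__ == "__main__":
    # Constructed sample values, not taken from a real application.
    for stored in ["<script>test</script>", "a &lt; b", "Tom & Jerry's"]:
        print(repr(stored))
        print("  markup      :", render_textarea(stored))
        print("  received    :", repr(round_trip(stored)))
        print("  extra decode:", repr(round_trip(stored, decode_again=True)))
```

In this model the extra decode turns a value the user literally typed as `a &lt; b` into `a < b`, so the parameter is best stored as received and escaped again only at output time.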
0

When I get the request.parameter for the escaped input (done through `<c:out value="${person.name}" />`), I get the escaped value and store it in the DB as it is. For example, `<script>test</script>` is stored as `&lt;script&gt;test&lt;/script&gt;`. Now when the value is fetched from the DB and displayed in the browser, it renders correctly, i.e. `&lt;script&gt;test&lt;/script&gt;` is displayed as `<script>test</script>`.

emilly