1

I am using Struts 2 and I have a label tag in my JSP that has label and name attributes in it, like below:

<s:label label="Name" name="editNom.name" />

Name attribute contains value Maz&apos;s Organisation (from variable editNom.name) that should be displayed as Maz's Organisation. This value displays fine when I use ${editNom.name} directly in JSP with UTF-8 encoding. However, in the same JSP, when I use the above struts tag, it displays as Maz&apos;s Organisation.

Can someone suggest how I can apply UTF-8 character encoding to Struts tags?

EDIT - 10/02/2017:

I found the root cause. On inspecting my webpage in Chrome, I find that the value when using the variable directly in JSP is

Maz&apos;s Organisation

whereas when I use it in the Struts tag, it escapes the & to &amp; thus the value becomes

Maz&amp;apos;s Organisation

If I can stop Struts from escaping &, I guess this issue can be resolved. Not sure how to do that. Can someone help me with this?

Roman C
Maz

2 Answers

1

UTF-8 is a character encoding. &apos;, &amp; etc. are HTML character entities, escaped representations of special characters.

You're misusing the UTF-8 word, and hence the UTF-8 concept, and hence every search you did on Google led you in the wrong direction.

While you need to escape a text (in a .properties file or in the database, whatever your source data come from) if you output it with JSP EL (the ${} notation), you don't need to do it if you use Struts tags like <s:text /> and <s:property />, or even JSTL tags, because they've a built-in escaping mechanism. It works as-is.

In the case of the apostrophe, however, you should double it in order to make it work, like

editNom.name=Maz''s Organisation

, otherwise it will be dropped and you'll get in output

Mazs Organisation

That's it. You were just in the wrong direction.

If you don't want or can't use the <s:property/> tag, you should un-escape the data in the action with some util.

Community
Andrea Ligios
  • Ok. The value `Maz's Organisation` comes from the DB that I cannot change or modify. So I will have to find a way to not escape the value when using it in the label tag, I guess. When I tried ` `, it displays `Maz&apos;s Organisation`, however when I use ``, it displays correctly as `Maz's Organisation`. Is there a way of disabling escaping in the label tag? – Maz Feb 09 '17 at 23:45
  • No, use property tag or unescape it in the action with some util – Andrea Ligios Feb 10 '17 at 00:09
  • Thanks for that. If you can remove the properties file statement in your answer above and include this comment, I can mark it as an answer so that it will help others like me. – Maz Feb 10 '17 at 00:49
  • I used property tag for label and it works fine. Now I have same problem in textfield tag. :( – Maz Feb 10 '17 at 03:35
  • Because the choice of escaping the data in the database is wrong in the first place. What if a field has a 5-character limit and I enter `&&&&&`? It would be `&amp;&amp;&amp;&amp;&amp;` and would break that limit. Remember that for the next time, when the database will be in your charge. For now, if you can't touch the data, you have to un-escape it in the action, or to use plain HTML with `` instead of textfield, like `" />`. Please remember to accept and upvote the answer if it helped, thanks – Andrea Ligios Feb 10 '17 at 08:41
  • https://commons.apache.org/proper/commons-lang/apidocs/org/apache/commons/lang3/StringEscapeUtils.html#unescapeHtml4-java.lang.String- – Andrea Ligios Feb 10 '17 at 08:44
0

In Struts2, UI tags escape HTML from the text written to the JSP out. The <s:label> tag is a UI tag. So you shouldn't care about XSS protection. But if your initial text is already escaped, then it passes to the tag, which escapes & twice. As a result you will have unreadable content.

You can try StringEscapeUtils class to unescape HTML, but it seems it doesn't support apostrophe.

escapeHtml4

Supports all known HTML 4.0 entities, including funky accents. Note that the commonly used apostrophe escape character (&apos;) is not a legal entity and so is not supported).

If you explore the StringEscapeUtils class then you will find other methods to escape strings. One of them is

escapeXml

Supports only the five basic XML entities (gt, lt, quot, amp, apos). Does not support DTDs or external entities.


Now, you can write a getter to translate a string

// requires: import org.apache.commons.lang3.StringEscapeUtils;
public String getName() { return StringEscapeUtils.unescapeXml(name); }
Roman C
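The double escaping described in both answers, and the unescape-before-the-tag fix, as an added example that is not code from either answer or from Struts. `escapeHtml` is a simplified stand-in for a UI tag's output escaping and `unescapeBasicEntities` for `StringEscapeUtils.unescapeXml`; both names are hypothetical and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class DoubleEscapeDemo {
    // The five basic XML entities. "&amp;" is decoded last so that the text
    // "&amp;lt;" becomes "&lt;" and is not decoded a second time into "<".
    private static final Map<String, String> ENTITIES = new LinkedHashMap<>();
    static {
        ENTITIES.put("&lt;", "<");
        ENTITIES.put("&gt;", ">");
        ENTITIES.put("&quot;", "\"");
        ENTITIES.put("&apos;", "'");
        ENTITIES.put("&amp;", "&");
    }

    // Hypothetical stand-in for StringEscapeUtils.unescapeXml: decodes one
    // level of entity encoding, as an action getter would before rendering.
    static String unescapeBasicEntities(String s) {
        for (Map.Entry<String, String> e : ENTITIES.entrySet()) {
            s = s.replace(e.getKey(), e.getValue());
        }
        return s;
    }

    // Hypothetical, simplified stand-in for the escaping a UI tag applies
    // to every value it writes to the page.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    public static void main(String[] args) {
        String[] stored = {                 // constructed sample DB values
            "Maz&apos;s Organisation",      // entity-encoded apostrophe
            "&lt;b&gt;Acme&lt;/b&gt;"       // entity-encoded markup
        };
        for (String value : stored) {
            String decoded = unescapeBasicEntities(value);
            System.out.println("stored in DB       : " + value);
            System.out.println("tag, raw value     : " + escapeHtml(value));
            System.out.println("tag, after unescape: " + escapeHtml(decoded));
            System.out.println();
        }
    }
}
```

Unescaping in the action leaves the tag's own escaping switched on, so a stored value that decodes to markup is still written to the page as text.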