Re: non SGML character escape

From: Srini <Srinihello@xxxxxxxxx>
Date: Wed, 18 Mar 2009 06:54:47 -0700 (PDT)

On Mar 18, 5:55 am, Sabine Dinis Blochberger <no.s...@xxxxxxxxxxxx>
wrote:

Srini wrote:

On Mar 16, 1:23 pm, Lew <l...@xxxxxxxxxxxxx> wrote:

Mark Space <marksp...@xxxxxxxxxxxxxx> wrote:

The technique I'm familiar with is to validate before it gets to the
database. If the validation fails, kick it back to the user with a big
red X and the error message "No dice."

More generally, always validate input.

We can not really validate and ask the user to remove those because
user can copy from word directly into textarea. In that case how do we
validate?..... apache commons escapeHtml or Xml does not do that job
what is the workaround though?? This seem pretty common issue to me.

That problem can be "solved" by switching to UTF-8.

Or, at the *input* place, add validation/conversion. We had similar
problems in the past with the copy-pasting from MS word to the html
form, and invalid characters got through. Even though the database
should have rejected these (BLOB oddity I suspect). Major headache until
we used UTF-8 in everyhting.

Another possibility is to instruct users to paste to notepad first, then
copy-paste from there. They may or may not do it.

Some of the characters are not being escaped.... I suspect and these
are created in db when users simply copy and past from word or any
news web site.
Ex: "employee bonuses that members of Congress — and much of the
American public — find indefensible"
Characters like thick vertical lines in that above message causing
this error. (in textpad they appear like thick vertical lines but they
appear as diamond brackets in html page )

.

Follow-Ups:
- Re: non SGML character escape
  - From: Sabine Dinis Blochberger
- Re: non SGML character escape
  - From: Lew

References:
- non SGML character escape
  - From: Srini
- Re: non SGML character escape
  - From: Tom Anderson
- Re: non SGML character escape
  - From: Srini
- Re: non SGML character escape
  - From: Mark Space
- Re: non SGML character escape
  - From: Lew
- Re: non SGML character escape
  - From: Srini
- Re: non SGML character escape
  - From: Sabine Dinis Blochberger

Prev by Date: Re: Webcam in browser
Next by Date: Re: JSP login from only a single pc
Previous by thread: Re: non SGML character escape
Next by thread: Re: non SGML character escape
Index(es):
- Date
- Thread

Relevant Pages

RE: Repost - RunTime Error - Field too small
... Jet won't store changes to the external database in the table ... Here is the DLookup statement in the AfterUpdate event of the FacilityNumber ... If the name is longer that 30 characters, I get the error message. ...
(microsoft.public.access.formscoding)
Re: non SGML character escape
... If the validation fails, kick it back to the user with a big ... That problem can be "solved" by switching to UTF-8. ... Even though the database ... Some of the characters are not being escaped.... ...
(comp.lang.java.programmer)
RE: Repost - RunTime Error - Field too small
... Jet won't store changes to the external database in the table ... post your DLookup() code and example data that ... I get an error message and I cannot ... > It seems to die if the field has more than 30 characters. ...
(microsoft.public.access.formscoding)
RE: Unfriendly error message in date field
... database. ... in the properties window you have a validation message area also. ... capture the error with your own error message wording. ...
(microsoft.public.access.formscoding)
Re: Editing individual cells character length
... cells can be changed and stored away in the database. ... Column 1 can allow up to 50 characters whereas column 2 ... But it might be better to keep that part of the validation in the ...
(microsoft.public.vb.general.discussion)