Refer the id variable of logic - iterate using jstl-el - jsp-tags

Facing a unusual challenge :
//Code
<logic:iterate id="list" name="accountRouteConfigListForm" property="valueList" indexId="incr">
<div <custom:align defaultAlign="left"/>>
<html:select name="list" property="accountStatus" onchange="onChangeStatus(${list.accName})"> //This is not working, how to refer accName in list
<html:option value="<%= String.valueOf(Constants.ENABLED) %>">
</html:option>
<html:option value="<%= String.valueOf(Constants.DISABLED) %>">
</html:option>
How do i refer a field inside a list and pass it as an argument to onChangeStatus

First, it seems you are missing an end tag for <logic:iterate> in your example code.
Second, unless you have a very good reason, try to use JSTL instead of the outdated struts custom tags. It's always good to stay with standards, right?
In your case, that would look like this:
<c:forEach items="${accountRouteConfigListForm.valueList}" var="list">
....
</c:forEach>

Related

For posting back on itself with query string

I have
<form action="?#cgi.query_string#" method="post" ...
The cgi.query_string comes in with an indefinite number of variables. I tried using
<form action="?#EncodeForURL(cgi.query_string)#" method="post" ...
Should I be doing any kind of escaping?
You are using method="POST" in your form tag. So you're trying to have a page with both a query string (URL scope) and a form body (FORM scope), correct?
I'm not sure that's best practice or even allowed by some browsers (I read elsewhere they'll strip query strings on POST actions).
The best solution might be to make the action either GET or POST, and loop through the query string making each item a hidden input?
<cfloop list="#CGI.query_string#" delimiters="&" index="i">
<input
type='hidden'
name='#listFirst(i, "=")#'
value='#listLast(i, "=")#'
/>
</cfloop>
As you say, you can't do this. Your specific question was whether you should do any escaping. The answer to that is "yes" and the location is going to be on the backend, parsing the query string.
<cfoutput>
<form action='?#CGI.query_string#' method='POST' class='form-horizontal bordered-group' role='form' id='test'>
<input
class='form-control'
type='text'
name='formvar'
/>
<input
class="btn btn-primary btn-lg btn-block"
type="submit"
value="Submit"
/>
</form>
</cfoutput>
Will submit a form to the same page, with the FORM scope present, the URL scope present, and the CGI.query_string defined. The CGI.query_string will have url formatting (%20 for space, etc). The FORM and URL scopes will already be decoded (%20 converted to space, etc).
It seems the crux of your question is really about security and sanitization. In which case you'll want to examine encodeForHTML() (Adobe Docs for encodeForHTML()).
Obviously, this isn't 100% foolproof, since I don't know the details of your code and what you do with the input. But those sanitization functions should be a good start.
So very generally, if you use the URL scope, use encodeForHTML(), and if you use #CGI.query_string#, it will be URL-encoded.

How can I pass "type" attribute within <html:text> in struts1

When I try to write something like this: <html:text styleId="Istituto" type="number"> in the struts1 it gives me an error
Attribute type invalid for tag text according to TLD
How can I add "type" attribute to <html:text> tag?
I know this is old, but I'm currently working on a super old application that uses Struts 1 framework, and today I had the same problem. Here's the solution I'm using that works:
<input type="number" name="budgetValue"
value="<bean:write name="applicantForm" property="budgetValue"/>">
Where:
budgetValue - is the Form property; applicantForm - is the Form
Thanks to Milebza for the answer, but for me only this way has worked.
<input type="number" name="budgetValue" value="${applicantForm.budgetValue}" />

AngularJS: Why ng-model scope's variable is not shown in inspector if input field is empty?

I have an input form like this:
<form name="userForm">
<md-input-container>
<label>Username</label>
<input name="username" ng-model="userLogin.username" required>
<div ng-messages="userLogin.username.$error" ng-show="userLogin.username.$dirty">
<div ng-message="required">This is required!</div>
</div>
</md-input-container>
</form>
<div layout="row" layout-align="center">
<md-button class="md-raised md-primary md-padding button-margin" ng-click="handleLoginResult()" ng-disabled="!userForm.$valid">Login</md-button>
</div>
The problem is that until I don't write anything in the input field (= user interaction), the userLogin.username variable doesn't appear in the $scope (I'm using AngularJS' addon for Chrome dev console).
Indeed if I try to print it I get erro (userLogin is not defined >> username can't be read).
Any clue?
Typically, in an AngularJS controller, if you do not create the property implicitly on the $scope object it will not be defined until a bound element attempts to update it. This is just the nature of how AngularJS works and the nature of dynamic Javascript. Is there a reason you need to get to the property if it isn't defined yet? From your question I am assuming that you were just prodding it with the console. If you really need to use it in a function before it is defined use the OR logical operator in Javascript represented by two pipe characters:
$scope.userLogin || '';

How to customize search container emptyResultsMessage in lifray?

I want to display the message with a jsp page in search container emptyResultsMessage.
Presently my code is:
<liferay-ui:search-container delta="10" emptyResultsMessage="There are no results." iteratorURL="<%=iteratorURL %>" deltaConfigurable="true" var="searchContainer" >
Now when I want to display
There are no results.+ button.jsp
in emptyResultsMessage.
In button.jsp I have a button. It has to display when emptyResultsMessage is empty.
Can any one tell me how to display it?
<liferay-ui:search-container delta="10" emptyResultsMessage="there were no courses found please <jsp:include page='subscribeSearch.jsp' /> with us" iteratorURL="<%=iteratorURL %>" deltaConfigurable="true" var="searchContainer" >
<liferay-util:buffer .../> is your friend. You don't seem to care for internationalization, so the easy approach is this: Construct the message before, then just use it:
(untested pseudocode, don't expect it to work out of the box)
<liferay-util:buffer var="emptyMessage">
there were no courses found please
<liferay-util:include
page="subscribeSearch.jsp"
/>
with us
</liferay-util:buffer>
<liferay-ui:search-container delta="10"
emptyResultsMessage="<%=emptyMessage%>"
iteratorURL="<%=iteratorURL %>"
deltaConfigurable="true"
var="searchContainer"
>
....
IMHO I'd construct the whole message on that jsp page rather than just fragments. But I'd also use proper i18n, but you get the basic idea from this.
Also, check if you need to escape the string (e.g. use <%=HtmlUtil.escape(emptyMessage)%>). I'm not sure which order the processing is done out of the top of my head (can't test currently)

Hidden Input Field causes potentially dangerous Request.Form value error

In my ASP.NET 1.1 application, I am compressing and replacing the hidden Viewstate variable with an alternate compressed value, stored in a hidden field called __VSTATE. This works well but on a few occasions, submitting a page causes the common "potentially dangerous Request.Form value ..." error.
I examined the __VSTATE value and nothing seems to be potentially dangerous. I was able to reproduce the error with a completely stripped down version of the page and __VSTATE value as shown below. Pressing the submit button causes the error. The page works fine if I change the value to "".
<%# Page Language="vb" AutoEventWireup="false" Codebehind="Dangerous.aspx.vb" Inherits="Dynalabs.Dangerous" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body MS_POSITIONING="FlowLayout">
<form id="Form1" method="post" runat="server">
<input type="hidden" id="__VSTATE" runat="server" value="Onw=" />
<asp:Button ID="btnSubmit" Runat="server" Text="Submit" />
</form>
</body>
</html>
Changing the field name to "MyHiddenWT" made no difference. Removing the runat="server" did stop the error but that just means that .NET only examines server side controls. I also tried some additional values and found that of the following:
"Anw=", "Bnw=", "Cnw=", ... "Nnw=", "Onw=", "Pnw=", ... "Znw=",
"Onw=" is the only one that causes the problem. Is the captial O being seen as an octal value somehow?
Can someone explain why this value is triggering the error message? I'm also looking for a solution but, please, do not tell me to remove page validation. That's the same as saying a car with bad brakes can be fixed by not driving the car.
Thank you in advance.
My first guess is that it looks like a "OnSomething=" javascript event declaration.
It's a little weird that only the capital O triggers the error, did you test on the lowercase o as well?
Can you try these: "OnClick=", "abc OnClick=", "onclick=", "abc onclick=", "anw=", "bnw=", ...
If "OnSomething=x" javascript is a problem, then simply adding another character to your values should do the trick. Maybe a simple 'v' should do.
<input type="hidden" id="__VSTATE" runat="server" value="vOnw=" />
And then on submit, you remove the extra character before decoding.
Or better yet, upgrade to 2.0.
You've got the essence of the reason. Here's the best link in a response I got from another site:
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet.security/browse_thread/thread/d91d89511401e979

Resources