How to pass a string containing double quotes from a jsp to a servlet through URL using get method

Question

I want to set a jsp parameter to an attribute value which may contain special symbols, then use a form GET submit to pass the parameter to a servlet controller. For

Answer 1

When filling HTML input values, always use fn:escapeXml(). It not only sanitizes the value from HTML entities which might risk your HTML to malform (a quote denotes end of attribute value, that's why the remnant of your value got lost), but it will also save you from XSS injection attack risks at places where you're redisplaying user-controlled input.

<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>

<input type="hidden" name="searchTerms" value="${fn:escapeXml(sessionScope.combTerms)}">

No need to URLEncode it. The webbrowser will already do it automagically. Try it yourself with an & in the value. You'll see that the webbrowser changes it %26. The webbrowser will also take care about parsing XML entities so that they end up correctly in the URL. I.e. you get " in server side, not ".

Answer 2

You encode the value before placing it into the form and then decode it in the serlvet.

(You might have already seen this as %20 in URL parameters)

Here are the respective classes.

http://download-llnw.oracle.com/javase/1.5.0/docs/api/java/net/URLEncoder.html

http://download-llnw.oracle.com/javase/1.5.0/docs/api/java/net/URLDecoder.html

Answer 3

<% String st = str.replaceAll("\"", "&quot;");%> ,and use st instead of str.