Java Development Tools

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Best way to display javascript text in outputFormatted

514760Mar 31 2008 — edited Mar 31 2008

I currently have an outputFormatted field where I display what users have previously typed in. Sometimes users will put in sections of code such as this:

<SCRIPT LANGUAGE="JavaScript">
function CheckForEnter(objInput, evt) {
var keyCode = document.layers ? evt.which : document.all ?
evt.keyCode : evt.keyCode;
if (keyCode != 13)
return true;
else {
// OK have the Enter key. Get the button and click it.
var strBtnName = objInput.LinkedButton;
var objBtn = document.getElementsByName(strBtnName)[0];
objBtn.click();
return false;
}
}

</SCRIPT>

and here is what is getting displayed in my outputFormatted (note the missing script tags):

function CheckForEnter(objInput, evt) {
var keyCode = document.layers ? evt.which : document.all ?
evt.keyCode : evt.keyCode;
if (keyCode != 13)
return true;
else {
// OK have the Enter key. Get the button and click it.
var strBtnName = objInput.LinkedButton;
var objBtn = document.getElementsByName(strBtnName)[0];
objBtn.click();
return false;
}
}

What is the best way to handle this? Should I try to escape the < and > when I check what the user entered?

Thanks in advance,
Chris

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 28 2008

Added on Mar 31 2008

#application-development-in-java, #jdeveloper-and-adf

2 comments

476 views