I am currently experimenting with different HTML encoders to encode user-supplied values in my Java web application. I wrote a small sample application that prints the results from the different encoders to a website. This works so far without any issues.

Unfortunately the browser (Firefox) also behaves as expected, displaying the encoded characters in the correct way (e.g. transforms &gt; into <). In this special case I do not want this to happen; I want to see the encoded string as it is. I want the browser to display the strings the same way the web server sends them.

The <pre> tag doesn't work, no success with <code> either. Is there an HTML tag I have overlooked to accomplish that? Or is there another trick I can use? I do not want to manipulate the string in any way on the server side with additional encodings, to avoid misleading results.

To make a long question short - how do I get my browser to display the string 4 &gt; 5 as is and not correctly decoded as 4 < 5?

2 Answers

If you don't want the browser to treat the document as HTML, then don't serve it as HTML.

In PHP you would do:

<?php
    header('Content-Type: text/plain');
    print $string;
?>

I don't know the Java syntax.

The <pre> tag doesn't work, no success with <code> either

<pre> just means white space is significant. <code> just means "This is an HTML representation of some code".

3 Comments

Thanks for the reply, but this would only work if the whole document should be treated as text/plain, but this is limited to a small part of the document. The rest of the document uses valid HTML. I need to disable HTML-decoding only for certain strings or parts of the document.
In case this is relevant for anyone, in Java you can set the Content-Type with <%@page language="java" contentType="text/plain; charset=UTF-8" pageEncoding="UTF-8"%> in the beginning of your JSP-File.
There is no (supported) way to say "This bit of an HTML document should be treated as a literal and not as HTML".

In this case, you'll actually need to represent the > as HTML entities. So, &amp;gt; should work I believe.

1 Comment

Yes, that would work. Unfortunately I would need another layer of encoding, possibly tampering with the first layer that I want to test. If this is the only way I will have to do it that way, but I would prefer a solution that leaves the original encoded string as it is. Like enclosing HTML tags or something similar.
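
The display-layer escaping suggested in the second answer, as an added example that is not part of the original thread: the encoder output stays unchanged as the value under test, only the copy written into the page is escaped once more, and a round-trip check confirms that one decoding pass gives back the encoder output exactly. The class name, method names and sample strings are constructed for illustration.

```java
import java.util.List;

// Added example: view HTML-encoder output literally in a browser.
// Class, method names and sample strings are constructed for illustration.
public class EncoderOutputViewer {

    // Display-only escaping for HTML element content (not attribute values:
    // quotes are left alone). Every '&' becomes "&amp;", so an entity such as
    // "&gt;" is sent as "&amp;gt;" and the browser renders the text "&gt;".
    static String forDisplay(String encoderOutput) {
        return encoderOutput.replace("&", "&amp;")
                            .replace("<", "&lt;")
                            .replace(">", "&gt;");
    }

    // Stand-in for the browser's single decoding pass, limited to the three
    // entities forDisplay() emits. "&amp;" is decoded last so that the '&'
    // it produces is not decoded a second time.
    static String decodeOnce(String html) {
        return html.replace("&lt;", "<")
                   .replace("&gt;", ">")
                   .replace("&amp;", "&");
    }

    public static void main(String[] args) {
        // Constructed samples of what different encoders might return for
        // "4 > 5", plus one value that an encoder left unencoded.
        List<String> encoderOutputs = List.of(
                "4 &gt; 5", "4 &#62; 5", "4 &#x3E; 5", "4 > 5", "R&amp;D");

        for (String underTest : encoderOutputs) {
            String markup = forDisplay(underTest);
            // The value under test is never modified; only the copy written
            // into the page is escaped. Verify that the escaping is lossless.
            if (!decodeOnce(markup).equals(underTest)) {
                throw new IllegalStateException("display escaping altered: " + underTest);
            }
            System.out.println("<li><code>" + markup + "</code></li>");
        }
    }
}
```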
