1

I am currently experimenting with different HTML-encoders to encode user supplied values in my Java web application. I wrote a small sample application that prints the results from the different encoders to a website. This works so far without any issues.

Unfortunately the browser (FireFox) also behaves as expected, displaying the encoded characters in the correct way (e.g. transforms &gt; into <). In this special case I do not want this to happen, I want to see the encoded string as it is. I want the browser to display the strings the same way the web server sends them.

The <pre> tag doesn't work, no success with <code> either. Is there a HTML-tag I have overlooked to accomplish that? Or is there another trick I can user? I do not want to manipulate the string in any way on the server side with additional encodings, to avoid misleading results.

To make a long question short - how do I get my browser to display the string 4 &gt; 5 as is and not correctly decoded as 4 < 5?

Improve this question

2 Answers 2

Reset to default
1

If you don't want the browser to treat the document as HTML, then don't serve it as HTML.

In PHP you would do:

<?php
    header('Content-Type: text/plain');
    print $string;
?>

I don't know the Java syntax.

The <pre> tag doesn't work, no success with <code> either

<pre> just means white space is significant. <code> just means "This is an HTML representation of some code".

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for the reply, but this would only work if the whole document should be treated as text/plain, but this is limited to a small part of the document. The rest of the document uses valid HTML. I need to disable HTML-decoding only for certain strings or parts of the document.
In case this is relevant for anyone, in Java you can set the Content-Type with <%@page language="java" contentType="text/plain; charset=UTF-8" pageEncoding="UTF-8"%> in the beginning of your JSP-File.
There is no (supported) way to say "This bit of an HTML document should be treated as a literal and not as HTML".
0

In this case, you'll actually need to represent the > as HTML entities. So, &amp;gt; should work I believe.

Improve this answer

1 Comment

Yes, that would work. Unfortunately I would need another layer of encoding, possible tampering with the first layer that I want to test. If this is the only way I will have to do it that way, but I would prefer a solution that leaves the original encoded string as it is. Like enclosing html-tags or something similar.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.