Online documentation - Websydian v6.5
With the PageGeneratorWithCharConversion pattern, all values substituted into the generated HTML page are scanned for HTML code. If any of the substituted fields contain characters with a specific significance in HTML, these are replaced by HTML quoted characters that are recognized by the web browser. The browser then renders the values in their original form.
Websydian does this by scanning all text strings to be substituted into the template document, and by replacing the characters '<', '>', '"' (double quote mark) and '&' with the corresponding HTML quoted representations before the substitution process. This substitution is only performed on fields of type character (FLD type *Character).
This prevents misuse of the web application through HTML tags or scripts entered in input fields that may later be displayed in the browser of another web user.
It is possible to control whether or not this conversion takes place for specific fields on the generated HTML page. This is done by populating the variable DisableHtmlCharacterConversion with the fields for which the conversion should be suppressed.
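The conversion and the per-field opt-out described above, shown as an added Python example; this is not Websydian's own code. The `{{Name}}` markers, the function names and the sample data are assumptions, and Python `str` values stand in for fields of type *Character.

```python
import re

# The four characters the page lists, mapped to their HTML quoted forms.
HTML_QUOTED = str.maketrans(
    {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}
)
MARKER = re.compile(r"\{\{(\w+)\}\}")  # hypothetical placeholder syntax


def convert(value):
    """Convert in a single pass, so the '&' of '&lt;' is never re-encoded."""
    return value.translate(HTML_QUOTED)


def generate_page(template, fields, disable_conversion=frozenset()):
    """Substitute fields into the template.

    Only str values (standing in for character fields) are converted.
    Names in disable_conversion play the role of the fields listed in
    DisableHtmlCharacterConversion and are inserted unchanged.
    """
    def substitute(match):
        name = match.group(1)
        value = fields[name]
        if isinstance(value, str) and name not in disable_conversion:
            return convert(value)
        return str(value)

    # re.sub does not rescan inserted text, so a value that itself
    # contains a marker is never expanded a second time.
    return MARKER.sub(substitute, template)


# Constructed sample data: Comment is user input, Banner is markup
# produced by the application itself, Count is a numeric field.
TEMPLATE = '<p title="{{Title}}">{{Comment}}</p><div>{{Banner}}</div><i>{{Count}}</i>'
FIELDS = {
    "Title": 'Tom & "Jerry"',
    "Comment": "<script>alert(1)</script>",
    "Banner": "<b>Sale</b>",
    "Count": 3,
}

if __name__ == "__main__":
    print(generate_page(TEMPLATE, FIELDS, disable_conversion={"Banner"}))
```

The apostrophe is not among the four converted characters, so attribute values in templates should be delimited with double quotes. A field whose conversion is suppressed reaches the browser verbatim, so the opt-out belongs only on fields that hold application-generated markup.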
Page Generator functions cannot be implemented from the PageGeneratorWithCharConversion pattern alone. A PageGenerator pattern must also be included in the inheritance path.