14 November 2006
I rolled out the news admin interface to the K-Prep site a few weeks ago, and immediately, Claire found a way to break it -- including a single quote (apostrophe) in a news item broke the rendering of the rich text editor control. It turns out that the
<ww:richtexteditor/> taglib component doesn't automatically escape the contents of the field, so I had to do it manually.
I fixed it by escaping it in my WebWork action before handing the value off to the JSP:
newText.replaceAll("'", "\\\\'"); // yes, it takes that many escapes.
I recently saw a recommendation to use