How to escape the Ajax response sent from a jsp file while using tab-lib

Question

I am having a jsp page. Inside which i import a jspf file. In the jspf file, i have used tab-libs similar to this

<a href="javascript:moveToPage('<c:out value="${requestScope.PREVIOUS_LINK}"/>')">
<img align="absmiddle" src="images/<c:out value='${selectedTheme}'/>/previous.gif" width="23" height="14" alt="Previous" title="<fmt:message key="jsp.imagetitle.Previous"/>" border="0"></a>

The jsp file looks like

<div id="someId">
<%@ include file='jspf/myNewPage.jspf'%>
</div>

This jsp page is called to another jsp page using ajax and filled in a div using

$('#divid').html(response.responseText);

When i get the output on the screen, it shows some html tags printed and the image in img tag is not printed.

Answer 1

If you see HTML tags, then someone/something in your code converts the HTML to text (i.e. it escapes all special characters like < to <, etc.) You should see this when looking at the HTML source code in your browser.

This looks odd to me:

<a href="javascript:moveToPage('<c:out value="${requestScope.PREVIOUS_LINK}"/>')">

< isn't allowed inside of an element, so this should either give an error or the code you pasted above isn't a 1:1 copy from your jspf file.

This would be valid:

<a href="javascript:moveToPage('&lt;c:out...

but wouldn't execute the c:out anymore.

Use fn:escapeXml() instead:

<a href="javascript:moveToPage('${fn:escapeXml(requestScope.PREVIOUS_LINK)}'">