Back Forward p:r JavaServer Page tag

JavaServer Pages tags

  Show all 

Use the p:r tag to display the values of properties, to allow users to enter values for properties, and to insert parameter values. (The p:r tag provides identical capabilities as the reference tag, but requires less typing.)

For a full explanation of the reference tag, see JavaServer Page tags — Reference.

  Syntax

Use p:r rather than pega:reference as the tag. As attributes, substitute n for name, f for format, and m for mode. In the syntax presentations below:

The n attribute is required. The f and m options are optional.

<p:r n="[propertyref]" [f="option"] [m="mode"]/>

  Property name or symbol — n attribute

Enter a property reference or a dynamic reference to a variable in the current stream, such as $this-value or $page-message. For a list of these keywords, see How to reference properties indirectly.

  Format — f attribute

Include the optional f attribute to present the property using an HTML Property rule other than the one referenced in the property definition. Identify another HTML property rule name within double quotes.

6 NoteYou can use the f attribute only when the mode attribute is omitted or is set to display. CLINB 12/6/06 Additionally, the n attribute must explicitly identify a property, not a parameter or symbolic reference. GENTJ 3/10/09

  Presentation — m attribute

The optional m attribute controls additional facets of presentation and processing. If you omit the m attribute, the default value is display.

Option

Results

block

The same as normal, except that line breaks are replaced by the string <br/>. If the string <br> appears, it is not altered.

You can't use the format attribute with m="block". GENTJ 3/10/09

display

Instructs the system to use an HTML Property rule as read only, detectable as !$mode-input.) Stream processing adds a single space before the value and a single space after the value. CLINB 12/03

OldIn releases before V5.4, the keyword $mode-display indicated read-only output. The $mode-display keyword is deprecated for new development; use JSP tags and the display option. Bug-8993 Bug-11595 ERNSG 2/14/08

input

Presents the property in update mode so that a user can enter, or select, a value for the property.

javascript

Advanced featureUseful when the result of the <pega:reference > is to become part of a JavaScript script. Presents the property value in read-only mode, with certain characters within the property value escaped to a backslash equivalent. No HTML property rule is applied.GENTJ CODE-630 12/23/08

For example, assume the value of property MyProperty is This is a "demo". If a stream contains the fragment:

var result="<pega:reference name=".MyProperty" mode="javascript" />";

The output of stream processing is:

var result = "This is a \"demo\"";

which is a valid JavaScript statement. Six characters are escaped:

Character

Output

backspace  \b
tab  \t
formfeed  \f
double quote  \"
single quote  \'
backslash  \\

literal

Causes the value of the property to be masked from HTML processing. Use this if the value may contain angle bracket characters or other HTML elements that are not to be interpreted.

CautionWhen you save a stream rule that includes a reference tag with this mode, you may receive a security warning message: GRP-242 SOLOM 5.5

>>Warning>> Using mode=literal can expose the system to cross-site scripting attacks - use with caution.

CautionFor maximum security, do not use mode="literal" anywhere in the HTML code that formats a property value for a property that is an input value. For example, assume that a <textarea >on a non-autogenerated flow action form allows input of arbitrary text (including angle bracket characters) that is submitted to Process Commander and returned to the browser in literal mode (not encoded). A malicious user could "inject" harmful JavaScript source code into the browser, a tactic loosely termed "cross-site scripting" or XSS.

In all modes other than literal, the angle brackets are converted to HTML entities (<, >), invalidating the JavaScript code.

In rare situations, your application may require mode="literal" in stream rules. For example, the JavaScript target of a button, executed with the onClick= attribute, may be dynamic. Design and test such cases with extreme care.

text

Causes the <BR> tag received in an input textarea to be converted to a new line character.

stream

On output, instructs the system to process the property to display HTML tags without interpreting them.

In addition, the system replaces each newline character and <BR> with a space. It also performs the conversions listed for the normal keyword, so that the true value of the property appears, even if it includes characters that are usually interpreted as HTML elements. VANDJ 9/6/02

normal

On output, converts the <,>, & and * characters to the corresponding HTML entities (&lt; &gt;, &amp; and &ast; respectively) so that they appear correctly in the resulting display or output. ZELEK VANDJ 11/15/02

m attribute examples

Property INFO has the value "Not <i>italic</i> or <b>bold</b>". The table shows the display that results from various settings for the m attribute, using an underscore to show added space characters. CLINB 12/6/06 needs work

Tag

User display (read-only)

<p:r n="INFO" />

_Not <i>italic</i> or <b>bold</b>_

<p:r n="INFO" m="display"/>

_Not <i>italic</i> or <b>bold</b>_

<p:r n="INFO" m="text"/>

Not <i>italic</i> or <b>bold</b>

<p:r n="INFO" m="stream"/>

Not <i>italic</i> or <b>bold</b>

<p:r n="INFO" m="literal"/>

Not italic or bold

Related topics How to reference properties indirectly within tags

Up JavaServer Page tags