Invalid VariableDeclaratorId jsp

advertisements

I am very new to JSP programming and I need to solve an error really fast for a project . Apologies if my research is insufficient .

I am getting the following error in my jsp

Syntax error on token "final", invalid VariableDeclaratorId
118:                                                            sanitize = sanitize.replace("[","").trim();
119:                                                            sanitize = sanitize.replace("]","").trim();
120:                                                            sanitize = sanitize.replace("\"","").trim();
121:                                                              String[] final = sanitize.split(",");
122:
123:
124:                                                              for(int i=0;i<final.length;i++){

An error occurred at line: 124 in the jsp file: /inc/AddClientForm.jsp
Syntax error on token "final", invalid Expression
121:                                                              String[] final = sanitize.split(",");
122:
123:
124:                                                              for(int i=0;i<final.length;i++){
125:
126:
127:

I am essentially splitting a string into an array and populating it on my jsp . I have the following imports on my jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ page import="java.util.*" %>
<%@ page import="java.lang.String" %>


The problem is related to basic Java coding. final is a keyword in Java, you cannot use it as name of a variable:

String[] final = sanitize.split(",");

Change the name of the variable:

String[] myFinalSanitizedStrings = sanitize.split(",");


Apart of this problem, you should not sanitize your Strings directly in your JSP, use a Servlet in order to do that. Still, you can prevent any undesired content by just using JSTL <c:out>:

<c:out value="${whateverStringThatCanPotentiallyGenerateAnXSSAttack}" />

More info:

  • How to avoid Java code in JSP files?