public class UrlTag extends HtmlEscapingAwareTag implements ParamAware
Enhancements to the JSTL functionality include:
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape'
attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml
level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>Results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl
ParamTag
Modifier and Type | Class and Description |
---|---|
private static class |
UrlTag.UrlType
Internal enum that classifies URLs by type.
|
Modifier and Type | Field and Description |
---|---|
private java.lang.String |
context |
private boolean |
javaScriptEscape |
private java.util.List<Param> |
params |
private int |
scope |
private java.util.Set<java.lang.String> |
templateParams |
private UrlTag.UrlType |
type |
private static java.lang.String |
URL_TEMPLATE_DELIMITER_PREFIX |
private static java.lang.String |
URL_TEMPLATE_DELIMITER_SUFFIX |
private static java.lang.String |
URL_TYPE_ABSOLUTE |
private java.lang.String |
value |
private java.lang.String |
var |
logger, REQUEST_CONTEXT_PAGE_ATTRIBUTE
Constructor and Description |
---|
UrlTag() |
Modifier and Type | Method and Description |
---|---|
void |
addParam(Param param)
Callback hook for nested spring:param tags to pass their value
to the parent tag.
|
protected java.lang.String |
createQueryString(java.util.List<Param> params,
java.util.Set<java.lang.String> usedParams,
boolean includeQueryStringDelimiter)
Build the query string from available parameters that have not already
been applied as template params.
|
private java.lang.String |
createUrl()
Build the URL for the tag from the tag attributes and parameters.
|
int |
doEndTag() |
int |
doStartTagInternal()
Called by doStartTag to perform the actual work.
|
protected java.lang.String |
replaceUriTemplateParams(java.lang.String uri,
java.util.List<Param> params,
java.util.Set<java.lang.String> usedParams)
Replace template markers in the URL matching available parameters.
|
void |
setContext(java.lang.String context)
Set the context path for the URL.
|
void |
setJavaScriptEscape(boolean javaScriptEscape)
Set JavaScript escaping for this tag, as boolean value.
|
void |
setScope(java.lang.String scope)
Set the scope to export the URL variable to.
|
void |
setValue(java.lang.String value)
Sets the value of the URL
|
void |
setVar(java.lang.String var)
Set the variable name to expose the URL under.
|
isDefaultHtmlEscape, isHtmlEscape, setHtmlEscape
doCatch, doFinally, doStartTag, getRequestContext
private static final java.lang.String URL_TEMPLATE_DELIMITER_PREFIX
private static final java.lang.String URL_TEMPLATE_DELIMITER_SUFFIX
private static final java.lang.String URL_TYPE_ABSOLUTE
private java.util.List<Param> params
private java.util.Set<java.lang.String> templateParams
private UrlTag.UrlType type
private java.lang.String value
private java.lang.String context
private java.lang.String var
private int scope
private boolean javaScriptEscape
public void setValue(java.lang.String value)
public void setContext(java.lang.String context)
public void setVar(java.lang.String var)
public void setScope(java.lang.String scope)
public void setJavaScriptEscape(boolean javaScriptEscape) throws JspException
JspException
public void addParam(Param param)
ParamAware
addParam
in interface ParamAware
param
- the result of the nested spring:param
tagpublic int doStartTagInternal() throws JspException
RequestContextAwareTag
doStartTagInternal
in class RequestContextAwareTag
JspException
javax.servlet.jsp.tagext.TagSupport#doStartTag
public int doEndTag() throws JspException
JspException
private java.lang.String createUrl() throws JspException
JspException
protected java.lang.String createQueryString(java.util.List<Param> params, java.util.Set<java.lang.String> usedParams, boolean includeQueryStringDelimiter) throws JspException
The names and values of parameters are URL encoded.
params
- the parameters to build the query string fromusedParams
- set of parameter names that have been applied as
template paramsincludeQueryStringDelimiter
- true if the query string should start
with a '?' instead of '&'JspException
protected java.lang.String replaceUriTemplateParams(java.lang.String uri, java.util.List<Param> params, java.util.Set<java.lang.String> usedParams) throws JspException
Parameter values are URL encoded.
uri
- the URL with template parameters to replaceparams
- parameters used to replace template markersusedParams
- set of template parameter names that have been replacedJspException