public class UrlTag extends HtmlEscapingAwareTag implements ParamAware
Enhancements to the JSTL functionality include:
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape'
attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml
level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>Results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl
ParamTag
,
Serialized Formlogger, REQUEST_CONTEXT_PAGE_ATTRIBUTE
id, pageContext
EVAL_BODY_AGAIN
EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE
Constructor and Description |
---|
UrlTag() |
Modifier and Type | Method and Description |
---|---|
void |
addParam(Param param)
Callback hook for nested spring:param tags to pass their value
to the parent tag.
|
protected String |
createQueryString(List<Param> params,
Set<String> usedParams,
boolean includeQueryStringDelimiter)
Build the query string from available parameters that have not already
been applied as template params.
|
int |
doEndTag() |
int |
doStartTagInternal()
Called by doStartTag to perform the actual work.
|
protected String |
replaceUriTemplateParams(String uri,
List<Param> params,
Set<String> usedParams)
Replace template markers in the URL matching available parameters.
|
void |
setContext(String context)
Set the context path for the URL.
|
void |
setJavaScriptEscape(boolean javaScriptEscape)
Set JavaScript escaping for this tag, as boolean value.
|
void |
setScope(String scope)
Set the scope to export the URL variable to.
|
void |
setValue(String value)
Sets the value of the URL
|
void |
setVar(String var)
Set the variable name to expose the URL under.
|
htmlEscape, isDefaultHtmlEscape, isHtmlEscape, isResponseEncodedHtmlEscape, setHtmlEscape
doCatch, doFinally, doStartTag, getRequestContext
doAfterBody, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue
public void setValue(String value)
public void setContext(String context)
public void setVar(String var)
public void setScope(String scope)
public void setJavaScriptEscape(boolean javaScriptEscape) throws JspException
JspException
public void addParam(Param param)
ParamAware
addParam
in interface ParamAware
param
- the result of the nested spring:param
tagpublic int doStartTagInternal() throws JspException
RequestContextAwareTag
doStartTagInternal
in class RequestContextAwareTag
JspException
TagSupport.doStartTag()
public int doEndTag() throws JspException
doEndTag
in interface Tag
doEndTag
in class TagSupport
JspException
protected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) throws JspException
The names and values of parameters are URL encoded.
params
- the parameters to build the query string fromusedParams
- set of parameter names that have been applied as
template paramsincludeQueryStringDelimiter
- true if the query string should start
with a '?' instead of '&'JspException
protected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams) throws JspException
Parameter values are URL encoded.
uri
- the URL with template parameters to replaceparams
- parameters used to replace template markersusedParams
- set of template parameter names that have been replacedJspException