spring-framework / org.springframework.web.servlet.tags / UrlTag

UrlTag

open class UrlTag : HtmlEscapingAwareTag, ParamAware

The <url> tag creates URLs. Modeled after the JSTL c:url tag with backwards compatibility in mind.

Enhancements to the JSTL functionality include:

Template URI variables are indicated in the 'value' attribute and marked by braces '{variableName}'. The braces and attribute name are replaced by the URL encoded value of a parameter defined with the spring:param tag in the body of the url tag. If no parameter is available the literal value is passed through. Params matched to template variables will not be added to the query string.

Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.

URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on this tag instance, the page level, or the web.xml level. The default is 'false'. When setting the URL value into a variable, escaping is not recommended.

Example usage: 

<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>

The above results in: /currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl

Attribute Summary Attribute Required? Runtime Expression? Description value true true The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag. context false true Specifies a remote application context path. The default is the current application context path. var false true The name of the variable to export the URL value to. If not specified the URL is written as output. scope false true The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined. htmlEscape false true Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page. javaScriptEscape false true Set JavaScript escaping for this tag, as a boolean value. Default is false.

Author
Scott Andrews

Since
3.0

See Also
ParamTag

Constructors

<init>

 UrlTag()

The <url> tag creates URLs. Modeled after the JSTL c:url tag with backwards compatibility in mind.

Enhancements to the JSTL functionality include:

  • URL encoded template URI variables
  • HTML/XML escaping of URLs
  • JavaScript escaping of URLs

Template URI variables are indicated in the 'value' attribute and marked by braces '{variableName}'. The braces and attribute name are replaced by the URL encoded value of a parameter defined with the spring:param tag in the body of the url tag. If no parameter is available the literal value is passed through. Params matched to template variables will not be added to the query string.

Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.

URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on this tag instance, the page level, or the web.xml level. The default is 'false'. When setting the URL value into a variable, escaping is not recommended.

Example usage: 

<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>

The above results in: /currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl

Attribute Summary Attribute Required? Runtime Expression? Description value true true The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag. context false true Specifies a remote application context path. The default is the current application context path. var false true The name of the variable to export the URL value to. If not specified the URL is written as output. scope false true The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined. htmlEscape false true Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page. javaScriptEscape false true Set JavaScript escaping for this tag, as a boolean value. Default is false.

Functions

addParam

 open fun addParam(param: Param): Unit

doEndTag

 open fun doEndTag(): Int

doStartTagInternal

 open fun doStartTagInternal(): Int

setContext

 open fun setContext(context: String): Unit

Set the context path for the URL. Defaults to the current context

setJavaScriptEscape

 open fun setJavaScriptEscape(javaScriptEscape: Boolean): Unit

Set JavaScript escaping for this tag, as boolean value. Default is "false".

setScope

 open fun setScope(scope: String): Unit

Set the scope to export the URL variable to. This attribute has no meaning unless var is also defined.

setValue

 open fun setValue(value: String): Unit

Sets the value of the URL

setVar

 open fun setVar(var: String): Unit

Set the variable name to expose the URL under. Defaults to rendering the URL to the current JspWriter