public class UrlTag extends HtmlEscapingAwareTag implements ParamAware
<url>
tag creates URLs. Modeled after the JSTL c:url tag with
backwards compatibility in mind.
Enhancements to the JSTL functionality include:
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape'
attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml
level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>
The above results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl
Attribute | Required? | Runtime Expression? | Description |
---|---|---|---|
value | true | true | The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag. |
context | false | true | Specifies a remote application context path. The default is the current application context path. |
var | false | true | The name of the variable to export the URL value to. If not specified the URL is written as output. |
scope | false | true | The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined. |
htmlEscape | false | true | Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page. |
javaScriptEscape | false | true | Set JavaScript escaping for this tag, as a boolean value. Default is false. |
ParamTag
,
Serialized Formlogger, REQUEST_CONTEXT_PAGE_ATTRIBUTE
id, pageContext
EVAL_BODY_AGAIN
EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE
Constructor and Description |
---|
UrlTag() |
Modifier and Type | Method and Description |
---|---|
void |
addParam(Param param)
Callback hook for nested spring:param tags to pass their value
to the parent tag.
|
protected java.lang.String |
createQueryString(java.util.List<Param> params,
java.util.Set<java.lang.String> usedParams,
boolean includeQueryStringDelimiter)
Build the query string from available parameters that have not already
been applied as template params.
|
int |
doEndTag() |
int |
doStartTagInternal()
Called by doStartTag to perform the actual work.
|
protected java.lang.String |
replaceUriTemplateParams(java.lang.String uri,
java.util.List<Param> params,
java.util.Set<java.lang.String> usedParams)
Replace template markers in the URL matching available parameters.
|
void |
setContext(java.lang.String context)
Set the context path for the URL.
|
void |
setJavaScriptEscape(boolean javaScriptEscape)
Set JavaScript escaping for this tag, as boolean value.
|
void |
setScope(java.lang.String scope)
Set the scope to export the URL variable to.
|
void |
setValue(java.lang.String value)
Sets the value of the URL
|
void |
setVar(java.lang.String var)
Set the variable name to expose the URL under.
|
htmlEscape, isDefaultHtmlEscape, isHtmlEscape, isResponseEncodedHtmlEscape, setHtmlEscape
doCatch, doFinally, doStartTag, getRequestContext
doAfterBody, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue
public void setValue(java.lang.String value)
public void setContext(java.lang.String context)
public void setVar(java.lang.String var)
public void setScope(java.lang.String scope)
public void setJavaScriptEscape(boolean javaScriptEscape) throws JspException
JspException
public void addParam(Param param)
ParamAware
addParam
in interface ParamAware
param
- the result of the nested spring:param
tagpublic int doStartTagInternal() throws JspException
RequestContextAwareTag
doStartTagInternal
in class RequestContextAwareTag
JspException
TagSupport.doStartTag()
public int doEndTag() throws JspException
doEndTag
in interface Tag
doEndTag
in class TagSupport
JspException
protected java.lang.String createQueryString(java.util.List<Param> params, java.util.Set<java.lang.String> usedParams, boolean includeQueryStringDelimiter) throws JspException
The names and values of parameters are URL encoded.
params
- the parameters to build the query string fromusedParams
- set of parameter names that have been applied as
template paramsincludeQueryStringDelimiter
- true if the query string should start
with a '?' instead of '&'JspException
protected java.lang.String replaceUriTemplateParams(java.lang.String uri, java.util.List<Param> params, java.util.Set<java.lang.String> usedParams) throws JspException
Parameter values are URL encoded.
uri
- the URL with template parameters to replaceparams
- parameters used to replace template markersusedParams
- set of template parameter names that have been replacedJspException