Class UrlTag
- All Implemented Interfaces:
IterationTag
,JspTag
,Tag
,TryCatchFinally
,Serializable
,ParamAware
<url>
tag creates URLs. Modeled after the JSTL c:url
tag with
backwards compatibility in mind.
Enhancements to the JSTL functionality include:
- URL encoded template URI variables
- HTML/XML escaping of URLs
- JavaScript escaping of URLs
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape'
attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml
level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}"> <spring:param name="variableName" value="more than JSTL c:url" /> </spring:url>
The above results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl
Attribute | Required? | Runtime Expression? | Description |
---|---|---|---|
value | true | true | The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag. |
context | false | true | Specifies a remote application context path. The default is the current application context path. |
var | false | true | The name of the variable to export the URL value to. If not specified the URL is written as output. |
scope | false | true | The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined. |
htmlEscape | false | true | Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page. |
javaScriptEscape | false | true | Set JavaScript escaping for this tag, as a boolean value.
Default is false . |
- Since:
- 3.0
- Author:
- Scott Andrews
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.servlet.tags.RequestContextAwareTag
logger, REQUEST_CONTEXT_PAGE_ATTRIBUTE
Fields inherited from class jakarta.servlet.jsp.tagext.TagSupport
id, pageContext
Fields inherited from interface jakarta.servlet.jsp.tagext.IterationTag
EVAL_BODY_AGAIN
Fields inherited from interface jakarta.servlet.jsp.tagext.Tag
EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
Callback hook for nested spring:param tags to pass their value to the parent tag.protected String
createQueryString
(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) Build the query string from available parameters that have not already been applied as template params.int
doEndTag()
int
Called by doStartTag to perform the actual work.protected String
Replace template markers in the URL matching available parameters.void
setContext
(String context) Set the context path for the URL.void
setJavaScriptEscape
(boolean javaScriptEscape) Set JavaScript escaping for this tag, as boolean value.void
Set the scope to export the URL variable to.void
Set the value of the URL.void
Set the variable name to expose the URL under.Methods inherited from class org.springframework.web.servlet.tags.HtmlEscapingAwareTag
htmlEscape, isDefaultHtmlEscape, isHtmlEscape, isResponseEncodedHtmlEscape, setHtmlEscape
Methods inherited from class org.springframework.web.servlet.tags.RequestContextAwareTag
doCatch, doFinally, doStartTag, getRequestContext
Methods inherited from class jakarta.servlet.jsp.tagext.TagSupport
doAfterBody, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue
-
Constructor Details
-
UrlTag
public UrlTag()
-
-
Method Details
-
setValue
Set the value of the URL. -
setContext
Set the context path for the URL. Defaults to the current context. -
setVar
Set the variable name to expose the URL under. Defaults to rendering the URL to the current JspWriter -
setScope
Set the scope to export the URL variable to. This attribute has no meaning unless var is also defined. -
setJavaScriptEscape
Set JavaScript escaping for this tag, as boolean value. Default is "false".- Throws:
JspException
-
addParam
Description copied from interface:ParamAware
Callback hook for nested spring:param tags to pass their value to the parent tag.- Specified by:
addParam
in interfaceParamAware
- Parameters:
param
- the result of the nestedspring:param
tag
-
doStartTagInternal
Description copied from class:RequestContextAwareTag
Called by doStartTag to perform the actual work.- Specified by:
doStartTagInternal
in classRequestContextAwareTag
- Returns:
- same as TagSupport.doStartTag
- Throws:
JspException
- See Also:
-
doEndTag
- Specified by:
doEndTag
in interfaceTag
- Overrides:
doEndTag
in classTagSupport
- Throws:
JspException
-
createQueryString
protected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) throws JspException Build the query string from available parameters that have not already been applied as template params.The names and values of parameters are URL encoded.
- Parameters:
params
- the parameters to build the query string fromusedParams
- set of parameter names that have been applied as template paramsincludeQueryStringDelimiter
- true if the query string should start with a '?' instead of '&'- Returns:
- the query string
- Throws:
JspException
-
replaceUriTemplateParams
protected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams) throws JspException Replace template markers in the URL matching available parameters. The name of matched parameters are added to the used parameters set.Parameter values are URL encoded.
- Parameters:
uri
- the URL with template parameters to replaceparams
- parameters used to replace template markersusedParams
- set of template parameter names that have been replaced- Returns:
- the URL with template parameters replaced
- Throws:
JspException
-