Class UrlTag

All Implemented Interfaces:
IterationTag, JspTag, Tag, TryCatchFinally, Serializable, ParamAware

public class UrlTag extends HtmlEscapingAwareTag implements ParamAware
The <url> tag creates URLs. Modeled after the JSTL c:url tag with backwards compatibility in mind.

Enhancements to the JSTL functionality include:

  • URL encoded template URI variables
  • HTML/XML escaping of URLs
  • JavaScript escaping of URLs

Template URI variables are indicated in the 'value' attribute and marked by braces '{variableName}'. The braces and attribute name are replaced by the URL encoded value of a parameter defined with the spring:param tag in the body of the url tag. If no parameter is available the literal value is passed through. Params matched to template variables will not be added to the query string.

Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.

URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on this tag instance, the page level, or the web.xml level. The default is 'false'. When setting the URL value into a variable, escaping is not recommended.

Example usage:

<spring:url value="/url/path/{variableName}">
   <spring:param name="variableName" value="more than JSTL c:url" />

The above results in: /currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl

Attribute Summary
Attribute Required? Runtime Expression? Description
value true true The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag.
context false true Specifies a remote application context path. The default is the current application context path.
var false true The name of the variable to export the URL value to. If not specified the URL is written as output.
scope false true The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined.
htmlEscape false true Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page.
javaScriptEscape false true Set JavaScript escaping for this tag, as a boolean value. Default is false.
Scott Andrews
See Also:
  • Constructor Details

    • UrlTag

      public UrlTag()
  • Method Details

    • setValue

      public void setValue(String value)
      Set the value of the URL.
    • setContext

      public void setContext(String context)
      Set the context path for the URL. Defaults to the current context.
    • setVar

      public void setVar(String var)
      Set the variable name to expose the URL under. Defaults to rendering the URL to the current JspWriter
    • setScope

      public void setScope(String scope)
      Set the scope to export the URL variable to. This attribute has no meaning unless var is also defined.
    • setJavaScriptEscape

      public void setJavaScriptEscape(boolean javaScriptEscape) throws JspException
      Set JavaScript escaping for this tag, as boolean value. Default is "false".
    • addParam

      public void addParam(Param param)
      Description copied from interface: ParamAware
      Callback hook for nested spring:param tags to pass their value to the parent tag.
      Specified by:
      addParam in interface ParamAware
      param - the result of the nested spring:param tag
    • doStartTagInternal

      public int doStartTagInternal() throws JspException
      Description copied from class: RequestContextAwareTag
      Called by doStartTag to perform the actual work.
      Specified by:
      doStartTagInternal in class RequestContextAwareTag
      same as TagSupport.doStartTag
      See Also:
    • doEndTag

      public int doEndTag() throws JspException
      Specified by:
      doEndTag in interface Tag
      doEndTag in class TagSupport
    • createQueryString

      protected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) throws JspException
      Build the query string from available parameters that have not already been applied as template params.

      The names and values of parameters are URL encoded.

      params - the parameters to build the query string from
      usedParams - set of parameter names that have been applied as template params
      includeQueryStringDelimiter - true if the query string should start with a '?' instead of '&'
      the query string
    • replaceUriTemplateParams

      protected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams) throws JspException
      Replace template markers in the URL matching available parameters. The name of matched parameters are added to the used parameters set.

      Parameter values are URL encoded.

      uri - the URL with template parameters to replace
      params - parameters used to replace template markers
      usedParams - set of template parameter names that have been replaced
      the URL with template parameters replaced