I want to read the form parameter data using scriptlet in #jsp. But i do not want to use any java code in JSP. Then do i need Expression Language or #JSTL or what?
Just noting this here in case anyone else has a similar issue.
If you're directing a request directly to a JSP, using Apache Tomcat web.xml configuration, then ${requestScope.attr} doesn't seem to work, instead ${param.attr} contains the request attribute attr.
Related
I'm creating a debugging tool that logs output for a specific (and commonly used) jsp tag. It would be helpful if i could also log the name of the jsp page and the line number where the custom tag is called.
Is it possible to get access to the jsp name and line number where a custom tag is called from inside the custom tag?
No, you can not get a line number, where a custom tag is called.
Also you can not get exact JSP name, but via PageContext object, which is available to you in TagSupport, you can get servlet name (which will look like 'index_jsp'):
((Servlet)pageContext.getPage()).getServletConfig().getServletName()
But this is not specified in any specification, so naming scheme differs between JSP containers.
I am passing some param with value from my JSP file and before that I am using Apache StringEscapeUtils to avoid any XSS attack script execution using param value
for example, if somebody inserting value like this and gain access
Cross script test is currently failing when something like this is passed as value
site_locale=en_US%2F%3E%3Ciframe+src%3Djavascript%3Aalert%28116%29+
Blind SQL Injection test is currently failing when something like this is passed
isMgr=true%27+and+%27f%27%3D%27f%27%29+--+
My question here is whether StringEscapeUtils.escapeHtml will save from above type of param value passed or do i need any other library
I also wanted to confirm if the way I am calling StringEscapeUtils in JSP is correct or not
<input type="hidden" name="site_locale" value= <%= StringEscapeUtils.escapeHtml(site_locale) %> >
Appreciate any pointers here
Thanks
Try this.
Utility class for HTML form encoding
URLEncoder.encode(yoururlhere, "UTF-8")
Similar way, we have
java.net.URLDecoder.decode(yoururlhere, "UTF-8");
I have a class language having features ID and Name.
I have another class Language_List that has ArrayList<language> lang as a member variable.
In my JSP page I want to access the Name variable of ArrayList<language> lang using EL and For each Loop.
<c:forEach var="language" items="${languages.lang}">
${language}<br>
</c:forEach>
However, it doesn't show ant result and intellisense doesn't work too. Anyone who can help me with this
PS: languages is a Bean variable contain list of languages from DB
I tried this and got this
<b>${languages.lang}</b>
HTML
[sakila.language#f1541c, sakila.language#63c8fabf, sakila.language#1fc644c7, sakila.language#11cd751d, sakila.language#47c3cc0c, sakila.language#7894ca3, sakila.language#47066532, sakila.language#74ddda0b, sakila.language#1116441e, sakila.language#4cd21655, sakila.language#74b84dd9, sakila.language#6fff1d6c, sakila.language#55e4d6e5, sakila.language#22d88071, sakila.language#33d88c96, sakila.language#4df5e671, sakila.language#4aec2cb3, sakila.language#576ac232, sakila.language#76a6dbd7, sakila.language#44ab3d1c, sakila.language#46391c7c, sakila.language#4f7d34e8, sakila.language#251c941d, sakila.language#77400ef3]
The EL doesn't access fields of your objects. It accesses bean properties of your objects. This means that ${languages.lang} is translated to a call to languages.getLang().
If you don't have such a getter, you'll get an exception though. If it just doesn't display anything, it's probably because languages is null, or because its lang list is null or empty. To confirm or infirm those guesses, we need to see the code where you create and populate the bean and its list of languages, and where you store it somewhere to make it accessible from the JSP.
Another possibility is that you forgot to declare the core taglib at the beginning of the JSP. To confirm or infirm that, paste the code of the JSP, and the HTML code generated by the JSP (using View page source in the browser)
I'm starting building web apps in Spring 3 (and in J2EE) in general.
Looking at the petclinic example I've seen that the programmer creates many JSP pieces, like header, includes, footer and then stitches them together using static inclusion. Anyway what I'd like is that I may have a base page, like Base.jsp and be able to include things like this:
<body>
<jsp:include page="${subpage}"></jsp:include>
</body>
the reason is that I'd like a main page, then being able to put in the ModelAndView returned by the controller which parts of the pages display in each situation (with the data attached to it). This works, but it gives no errors in case ${subpage} is not found, the jsp name is wrong or missing. I'd like more error checking...
Is this the best and recommended way to do this? And if this seems a good idea for what I've in mind, what's the correct way of doing it?
You might want to use Apache Tiles 2 integration for managing your JSP files. Spring has good integration support Apache Tiles. It also shows if there's an error in your page. I've put an example of it at http://krams915.blogspot.com/2010/12/spring-mvc-3-tiles-2-integration.html
It appears you have additional quotes in your subpage. Get rid of them. For example:
<c:set var="subpage" value="/jsp/index.jsp" />
If you have to set it in a controller or servlet - just use request.setAttribute("subpage", "/jsp/index.jsp")
For error checking you can use:
<c:catch var="myException">
<c:import url="${subpage}" />
</c:catch>
and later you can check it with:
<c:if test="${myException != null}">
...
</c:if>
Take a look at Sitemesh (http://www.opensymphony.com/sitemesh). It is a servlet filter-based page layout system that is easy to use. I have done a number of projects using it with Spring MVC and it worked very well.
Is there a cleaner way to do this in a JSP/Struts1 setup ?
... some HTML here ...
EDIT: In admin mode I would like to have access to additional parameters from a form element,
e.g. from the form element:
input type="text" value="Test user" name="Owner"
EDIT 2: Actually, my problem is very similar to the question that was asked in : Conditionally Render In JSP By User
But I don't really get the "pseudo-code" from the likely answer
Is SessionConfig exposed as a bean in your JSP (as part of request / session / Struts Form)?
If it's not, you can expose it. And if it's a static class containing global settings (which, by the looks of it, is a possibility), you can create a small wrapper and put it in the servlet context which you'd then be able to access from Struts tags as scope="application".
Once that's done you can check your condition via Struts tags:
<logic:equal name="sessionConfig" property="adminMode" value="true">
... your HTML here
</logic:equal>
Or, if you're using EL / JSTL, same can be done via <core:if>.
Without more information, it's hard to answer this, but I'd think instead of separate views: one for admin mode, one for normal mode. Extracting the parts of your pages into tiles will help you do this without a lot of pain; see: http://tiles.apache.org/