Using JSTL Tag Library Validators
JSP 1.2 introduced a powerful mechanism for validation of the elements used in a page: the tag library validator described in Chapter 21. JSTL includes two generic validators you can configure and use in your application to control how scripting elements and custom tag libraries are used.
The ScriptFreeTLV class is a validator that can be configured to reject pages with scripting elements. To use it, you can include it in the TLD for your custom library or create a TLD file that defines it as the validator for a dummy library, used only for validation:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE taglib
  PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
  "http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">

<taglib>
  <tlib-version>1.0</tlib-version>
  <jsp-version>1.2</jsp-version>
  <short-name>scriptfree</short-name>
  <uri>/scriptfree</uri>
  <description>
    Validates JSP pages to prohibit use of scripting elements.
  </description>

  <validator>
    <validator-class>
      javax.servlet.jsp.jstl.tlv.ScriptFreeTLV
    </validator-class>
    <!-- Declarations and scriptlets are rejected; expressions and
         request-time attribute values are allowed. -->
    <init-param>
      <param-name>allowDeclarations</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>allowScriptlets</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>allowExpressions</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>allowRTExpressions</param-name>
      <param-value>true</param-value>
    </init-param>
  </validator>
  ...
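To see what the four switches in the TLD above accept and reject, the following added sketch (not JSTL's own code and not from the book) applies the same policy to the XML view of a page, which is the form a tag library validator receives. The function name count_violations and the sample page are constructed for illustration; the sketch assumes the JSP 1.2 XML view, where scripting elements appear as jsp:declaration, jsp:scriptlet and jsp:expression and a request-time attribute value reads "%= expr %".

```python
import xml.etree.ElementTree as ET

JSP_NS = "http://java.sun.com/JSP/Page"  # namespace of jsp:* elements in the XML view

# Constructed policy: same four switches and values as the TLD above.
POLICY = {
    "allowDeclarations": False,
    "allowScriptlets": False,
    "allowExpressions": True,
    "allowRTExpressions": True,
}

# XML-view element -> the switch that governs it.
ELEMENT_SWITCH = {
    f"{{{JSP_NS}}}declaration": "allowDeclarations",
    f"{{{JSP_NS}}}scriptlet": "allowScriptlets",
    f"{{{JSP_NS}}}expression": "allowExpressions",
}


def count_violations(xml_view, policy):
    """Return {switch: count} for scripting constructs the policy forbids."""
    found = {}
    for elem in ET.fromstring(xml_view).iter():
        switch = ELEMENT_SWITCH.get(elem.tag)
        if switch and not policy[switch]:
            found[switch] = found.get(switch, 0) + 1
        # In the XML view a request-time attribute value reads "%= expr %".
        if not policy["allowRTExpressions"]:
            for value in elem.attrib.values():
                if value.startswith("%="):
                    found["allowRTExpressions"] = found.get("allowRTExpressions", 0) + 1
    return found


# Constructed sample: XML view of a page with one of each scripting construct.
SAMPLE = """<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
                     xmlns:c="http://java.sun.com/jstl/core_rt" version="1.2">
  <jsp:declaration>int hits = 0;</jsp:declaration>
  <jsp:scriptlet>hits++;</jsp:scriptlet>
  <jsp:expression>hits</jsp:expression>
  <c:out value="%= request.getRemoteUser() %"/>
</jsp:root>"""

if __name__ == "__main__":
    print(count_violations(SAMPLE, POLICY))
```

Setting all four switches to false makes the same sample page fail on every construct, which is the fully script-free policy.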