JavaServer Pages, 3rd Edition

Controlling the Use of Scripting Elements

With all the new features available through the JSP EL, JSTL, and custom actions, scripting elements are rarely needed. A company may decide to implement a policy of forbidding scripting elements altogether, avoiding all the potential problems that scripting introduces. A policy like this can be enforced with the <scripting-invalid> element, for all or selected parts of the application:

<web-app ...>
  ...
  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-grop>
  </jsp-config>
  ...
</web-app>

With this configuration, the container refuses to process a JSP page that contains any scripting element (i.e., a scripting declaration, expression, or scriptlet). Since this represents a policy decision, there’s no way to override this value in an individual JSP page.

Get JavaServer Pages, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

JavaServer Pages, 3rd Edition by Hans Bergsten

Controlling the Use of Scripting Elements

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly