Using JSTL Tag Library Validators
JSP 1.2 introduced a powerful mechanism for validation of the elements used in a page: the tag library validator described in Chapter 22. JSTL includes two generic validators you can configure and use in your application to control how scripting elements and custom tag libraries are used.
The
ScriptFreeTLV
class is
a validator that can be configured to reject pages with scripting
elements. To use it, you can include it in the
TLD for your custom library or
create a TLD file that defines it as the validator for a dummy
library, used only for validation:
<?xml version="1.0" encoding="ISO-8859-1" ?> <taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0"> <description> Validates JSP pages to prohibit use of scripting elements. </description> <tlib-version>1.1</tlib-version> <short-name>scriptfree</scriptfree> <uri>http://mycompany.org/taglibs/scriptfree</uri> <validator> <validator-class> javax.servlet.jsp.jstl.tlv.ScriptFreeTLV </validator-class> <init-param> <param-name>allowDeclarations</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>allowScriptlets</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>allowExpressions</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>allowRTExpressions</param-name> ...
Get JavaServer Pages, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.