public class UrlTag extends HtmlEscapingAwareTag implements ParamAware
Enhancements to the JSTL functionality include:
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}">
<spring:param name="variableName" value="more than JSTL c:url" />
</spring:url>
Results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3AurlParamTag,
Serialized Formlogger, REQUEST_CONTEXT_PAGE_ATTRIBUTEid, pageContextEVAL_BODY_AGAINEVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE| Constructor and Description |
|---|
UrlTag() |
| Modifier and Type | Method and Description |
|---|---|
void |
addParam(Param param)
Callback hook for nested spring:param tags to pass their value
to the parent tag.
|
protected String |
createQueryString(List<Param> params,
Set<String> usedParams,
boolean includeQueryStringDelimiter)
Build the query string from available parameters that have not already
been applied as template params.
|
int |
doEndTag() |
int |
doStartTagInternal()
Called by doStartTag to perform the actual work.
|
protected String |
replaceUriTemplateParams(String uri,
List<Param> params,
Set<String> usedParams)
Replace template markers in the URL matching available parameters.
|
void |
setContext(String context)
Set the context path for the URL.
|
void |
setJavaScriptEscape(boolean javaScriptEscape)
Set JavaScript escaping for this tag, as boolean value.
|
void |
setScope(String scope)
Set the scope to export the URL variable to.
|
void |
setValue(String value)
Sets the value of the URL
|
void |
setVar(String var)
Set the variable name to expose the URL under.
|
isDefaultHtmlEscape, isHtmlEscape, setHtmlEscapedoCatch, doFinally, doStartTag, getRequestContextdoAfterBody, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValuepublic void setValue(String value)
public void setContext(String context)
public void setVar(String var)
public void setScope(String scope)
public void setJavaScriptEscape(boolean javaScriptEscape)
throws JspException
JspExceptionpublic void addParam(Param param)
ParamAwareaddParam in interface ParamAwareparam - the result of the nested spring:param tagpublic int doStartTagInternal()
throws JspException
RequestContextAwareTagdoStartTagInternal in class RequestContextAwareTagJspExceptionTagSupport.doStartTag()public int doEndTag()
throws JspException
doEndTag in interface TagdoEndTag in class TagSupportJspExceptionprotected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) throws JspException
The names and values of parameters are URL encoded.
params - the parameters to build the query string fromusedParams - set of parameter names that have been applied as
template paramsincludeQueryStringDelimiter - true if the query string should start
with a '?' instead of '&'JspExceptionprotected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams) throws JspException
Parameter values are URL encoded.
uri - the URL with template parameters to replaceparams - parameters used to replace template markersusedParams - set of template parameter names that have been replacedJspException