Skip to content

Java web application enhancements library. Compile JSPs on startup. Escape JSP EL values to prevent cross-site scripting.

Notifications You must be signed in to change notification settings

garfeildma/webappenhance

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Java Web Application Enhancements Library

Utility library for Java web applications

Compile JSPs on startup

In the web.xml file, add a listener:

<listener>
  <listener-class>com.github.pukkaone.jsp.JspCompileListener</listener-class>
</listener> 

Escape JSP EL values to prevent cross-site scripting

In the web.xml file, add a listener:

<listener>
  <listener-class>com.github.pukkaone.jsp.EscapeXmlELResolverListener</listener-class>
</listener> 

Disable escaping

Use a custom tag to surround JSP code in which EL values should not be escaped:

<%@ taglib prefix="enhance" uri="http://pukkaone.github.com/jsp" %>

<enhance:out escapeXml="false">
  I hope this expression returns safe HTML: ${user.name}
</enhance:out>

Read model data in Jersey MVC JSP templates without "it."

Jersey's MVC framework exposes the model object to the JSP template as a request attribute named "it". To read a model property, a JSP template must evaluate an EL expression based on the "it" object, for example, ${it.propertyName}. This custom EL resolver exposes model properties as implicit objects, allowing a JSP template to read a model property with an EL expression like ${propertyName}.

In the web.xml file, add a listener:

<listener>
  <listener-class>com.github.pukkaone.jsp.ViewableModelELResolverListener</listener-class>
</listener> 

About

Java web application enhancements library. Compile JSPs on startup. Escape JSP EL values to prevent cross-site scripting.

Resources

Stars

Watchers

Forks

Packages

No packages published