Processing the Action Body
So far, the tag files we’ve looked at ignore (or actually forbid) the body of the custom action element used to invoke them, but the body is often an important part of the equation. One example is a conditional custom action, such as a variation of the <c:if> JSTL action. It needs to process the body if the condition is true. Another example is a custom action that transforms the body in some way or simply uses it as input.
Let’s develop a custom action that transforms its body content. It first converts all characters that have special meaning in HTML and XML to the corresponding character entity codes (e.g., < to &lt;), and then converts special proprietary codes into HTML elements. A custom action like this can be used to process user input in an online forum to protect it against cross-site scripting attacks while still allowing for limited formatting of the messages.
Here’s how you can use this custom action in a JSP page:

    <%@ page contentType="text/html" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ taglib prefix="my" tagdir="/WEB-INF/tags/mytags" %>

    <%-- Create test data --%>
    <c:set var="message">
      This is just a lot of text that the browser will format to
      fit the browser window. Attempts to <blink> add HTML elements are
      dealt with by conversion to character entities.
      [code]
      This part I want the browser to leave alone, so that
      all my indentations are left intact:

        public class Foo {
          public String getBar( ) {
            return bar;
          }
        }
      ...
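The two-step transformation described above, written as a stand-alone Java class so the ordering can be tried outside a JSP container. This is an added example, not the book's tag file; the class name `ForumMarkup`, the `[/code]` closing marker, and the mapping of `[code]` blocks to `<pre>` are assumptions, and the sample message is constructed from the test data shown on the page.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class name). Assumes [code]...[/code] maps to <pre>...</pre>.
public class ForumMarkup {
    // Only complete, balanced pairs are converted; a stray marker stays as literal text,
    // so user input can never leave an unclosed element in the page.
    private static final Pattern CODE =
        Pattern.compile("\\[code\\](.*?)\\[/code\\]", Pattern.DOTALL);

    // Step 1: neutralise every character that has special meaning in HTML and XML.
    static String escape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Step 2: convert the markers on the already-escaped text, so the only tags in the
    // result are the ones emitted here. Reversing the order would escape the generated
    // <pre> tags as well and the formatting would be lost.
    static String render(String userInput) {
        Matcher m = CODE.matcher(escape(userInput));
        // $1 inserts the captured text literally; '$' or '\' in user input is not reinterpreted.
        return m.replaceAll("<pre>$1</pre>");
    }

    public static void main(String[] args) {
        // Constructed sample input, modelled on the page's test message.
        String msg = "Attempts to <blink> add HTML elements are dealt with.\n"
                   + "[code]\n"
                   + "public class Foo {\n"
                   + "  public String getBar( ) { return a < b && c ? \"x\" : bar; }\n"
                   + "}\n"
                   + "[/code]\n"
                   + "[code] this marker is never closed";
        System.out.println(render(msg));
    }
}
```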