Class UrlTag
- All Implemented Interfaces:
IterationTag,JspTag,Tag,TryCatchFinally,Serializable,ParamAware
<url> tag creates URLs. Modeled after the JSTL c:url tag with
backwards compatibility in mind.
Enhancements to the JSTL functionality include:
- URL encoded template URI variables
- HTML/XML escaping of URLs
- JavaScript escaping of URLs
Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.
Use of the spring:param tag for URI template variables is strongly recommended over direct EL substitution as the values are URL encoded. Failure to properly encode URL can leave an application vulnerable to XSS and other injection attacks.
URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.
Example usage:
<spring:url value="/url/path/{variableName}">
<spring:param name="variableName" value="more than JSTL c:url" />
</spring:url>
The above results in:
/currentApplicationContext/url/path/more%20than%20JSTL%20c%3Aurl
| Attribute | Required? | Runtime Expression? | Description |
|---|---|---|---|
| value | true | true | The URL to build. This value can include template {placeholders} that are replaced with the URL encoded value of the named parameter. Parameters must be defined using the param tag inside the body of this tag. |
| context | false | true | Specifies a remote application context path. The default is the current application context path. |
| var | false | true | The name of the variable to export the URL value to. If not specified the URL is written as output. |
| scope | false | true | The scope for the var. 'application', 'session', 'request' and 'page' scopes are supported. Defaults to page scope. This attribute has no effect unless the var attribute is also defined. |
| htmlEscape | false | true | Set HTML escaping for this tag, as a boolean value. Overrides the default HTML escaping setting for the current page. |
| javaScriptEscape | false | true | Set JavaScript escaping for this tag, as a boolean value. Default is false. |
- Since:
- 3.0
- Author:
- Scott Andrews
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.servlet.tags.RequestContextAwareTag
logger, REQUEST_CONTEXT_PAGE_ATTRIBUTEFields inherited from class jakarta.servlet.jsp.tagext.TagSupport
id, pageContextFields inherited from interface jakarta.servlet.jsp.tagext.IterationTag
EVAL_BODY_AGAINFields inherited from interface jakarta.servlet.jsp.tagext.Tag
EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidCallback hook for nested spring:param tags to pass their value to the parent tag.protected StringcreateQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) Build the query string from available parameters that have not already been applied as template params.intdoEndTag()intCalled by doStartTag to perform the actual work.protected StringReplace template markers in the URL matching available parameters.voidsetContext(String context) Set the context path for the URL.voidsetJavaScriptEscape(boolean javaScriptEscape) Set JavaScript escaping for this tag, as boolean value.voidSet the scope to export the URL variable to.voidSet the value of the URL.voidSet the variable name to expose the URL under.Methods inherited from class org.springframework.web.servlet.tags.HtmlEscapingAwareTag
htmlEscape, isDefaultHtmlEscape, isHtmlEscape, isResponseEncodedHtmlEscape, setHtmlEscapeMethods inherited from class org.springframework.web.servlet.tags.RequestContextAwareTag
doCatch, doFinally, doStartTag, getRequestContextMethods inherited from class jakarta.servlet.jsp.tagext.TagSupport
doAfterBody, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue
-
Constructor Details
-
UrlTag
public UrlTag()
-
-
Method Details
-
setValue
Set the value of the URL. -
setContext
Set the context path for the URL. Defaults to the current context. -
setVar
Set the variable name to expose the URL under. Defaults to rendering the URL to the current JspWriter -
setScope
Set the scope to export the URL variable to. This attribute has no meaning unless var is also defined. -
setJavaScriptEscape
Set JavaScript escaping for this tag, as boolean value. Default is "false".- Throws:
JspException
-
addParam
Description copied from interface:ParamAwareCallback hook for nested spring:param tags to pass their value to the parent tag.- Specified by:
addParamin interfaceParamAware- Parameters:
param- the result of the nestedspring:paramtag
-
doStartTagInternal
Description copied from class:RequestContextAwareTagCalled by doStartTag to perform the actual work.- Specified by:
doStartTagInternalin classRequestContextAwareTag- Returns:
- same as TagSupport.doStartTag
- Throws:
JspException- See Also:
-
doEndTag
- Specified by:
doEndTagin interfaceTag- Overrides:
doEndTagin classTagSupport- Throws:
JspException
-
createQueryString
protected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter) throws JspException Build the query string from available parameters that have not already been applied as template params.The names and values of parameters are URL encoded.
- Parameters:
params- the parameters to build the query string fromusedParams- set of parameter names that have been applied as template paramsincludeQueryStringDelimiter- true if the query string should start with a '?' instead of '&'- Returns:
- the query string
- Throws:
JspException
-
replaceUriTemplateParams
protected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams) throws JspException Replace template markers in the URL matching available parameters. The name of matched parameters are added to the used parameters set.Parameter values are URL encoded.
- Parameters:
uri- the URL with template parameters to replaceparams- parameters used to replace template markersusedParams- set of template parameter names that have been replaced- Returns:
- the URL with template parameters replaced
- Throws:
JspException
-