javax.servlet.jsp.jstl.tlv: public class: ScriptFreeTLV

javax.servlet.jsp.jstl.tlv
public class: ScriptFreeTLV [javadoc | source]

java.lang.Object
   javax.servlet.jsp.tagext.TagLibraryValidator
      javax.servlet.jsp.jstl.tlv.ScriptFreeTLV

A TagLibraryValidator for enforcing restrictions against the use of JSP scripting elements.

This TLV supports four initialization parameters, for controlling which of the four types of scripting elements are allowed or prohibited:

allowDeclarations: if true, indicates that declaration elements are not prohibited.
allowScriptlets: if true, indicates that scriptlets are not prohibited
allowExpressions: if true, indicates that top-level expression elements (i.e., expressions not associated with request-time attribute values) are not prohibited.
allowRTExpressions: if true, indicates that expression elements associated with request-time attribute values are not prohibited.

The default value for all for initialization parameters is false, indicating all forms of scripting elements are to be prohibited.

author:

 -  href="mailto:mak@taglib.com">Mark A. Kolb

author: Shawn -  Bayern (minor changes)










    







    












    Constructor:
 public ScriptFreeTLV() {
    factory = SAXParserFactory.newInstance();
    factory.setValidating(false);
    factory.setNamespaceAware(true);
}
Constructs a new validator instance.
Initializes the parser factory to create non-validating, namespace-aware
SAX parsers.









    Method from javax.servlet.jsp.jstl.tlv.ScriptFreeTLV Summary:

setInitParameters,   validate
Methods from javax.servlet.jsp.tagext.TagLibraryValidator:

getInitParameters,   release,   setInitParameters,   validate
Methods from java.lang.Object:

clone,   equals,   finalize,   getClass,   hashCode,   notify,   notifyAll,   toString,   wait,   wait,   wait
Method from javax.servlet.jsp.jstl.tlv.ScriptFreeTLV Detail:
 public  void setInitParameters(Map<String, Object> initParms) {
    super.setInitParameters(initParms);
    String declarationsParm = (String) initParms.get("allowDeclarations");
    String scriptletsParm = (String) initParms.get("allowScriptlets");
    String expressionsParm = (String) initParms.get("allowExpressions");
    String rtExpressionsParm = (String) initParms.get("allowRTExpressions");
    allowDeclarations = "true".equalsIgnoreCase(declarationsParm);
    allowScriptlets = "true".equalsIgnoreCase(scriptletsParm);
    allowExpressions = "true".equalsIgnoreCase(expressionsParm);
    allowRTExpressions = "true".equalsIgnoreCase(rtExpressionsParm);
}
Sets the values of the initialization parameters, as supplied in the TLD.
 public ValidationMessage[] validate(String prefix,
    String uri,
    PageData page) {
    InputStream in = null;
    SAXParser parser;
    MyContentHandler handler = new MyContentHandler();
    try {
      synchronized (factory) {
	parser = factory.newSAXParser();
      }
      in = page.getInputStream();
      parser.parse(in, handler);
    }
    catch (ParserConfigurationException e) {
      return vmFromString(e.toString());
    }
    catch (SAXException e) {
      return vmFromString(e.toString());
    }
    catch (IOException e) {
      return vmFromString(e.toString());
    }
    finally {
      if (in != null) try { in.close(); } catch (IOException e) {}
    }
    return handler.reportResults();
}
Validates a single JSP page.