FileDocCategorySizeDatePackage
ScriptFreeTLV.javaAPI DocGlassfish v2 API10464Sat May 05 19:17:14 BST 2007javax.servlet.jsp.jstl.tlv

ScriptFreeTLV

public class ScriptFreeTLV extends javax.servlet.jsp.tagext.TagLibraryValidator

A TagLibraryValidator for enforcing restrictions against the use of JSP scripting elements.

This TLV supports four initialization parameters, for controlling which of the four types of scripting elements are allowed or prohibited:

  • allowDeclarations: if true, indicates that declaration elements are not prohibited.
  • allowScriptlets: if true, indicates that scriptlets are not prohibited
  • allowExpressions: if true, indicates that top-level expression elements (i.e., expressions not associated with request-time attribute values) are not prohibited.
  • allowRTExpressions: if true, indicates that expression elements associated with request-time attribute values are not prohibited.

The default value for all for initialization parameters is false, indicating all forms of scripting elements are to be prohibited.

author
Mark A. Kolb
author
Shawn Bayern (minor changes)

Fields Summary
private boolean
allowDeclarations
private boolean
allowScriptlets
private boolean
allowExpressions
private boolean
allowRTExpressions
private SAXParserFactory
factory
Constructors Summary
public ScriptFreeTLV()
Constructs a new validator instance. Initializes the parser factory to create non-validating, namespace-aware SAX parsers.


                    
     
    factory = SAXParserFactory.newInstance();
    factory.setValidating(false);
    factory.setNamespaceAware(true);
Methods Summary
public voidsetInitParameters(java.util.Map initParms)
Sets the values of the initialization parameters, as supplied in the TLD.

param
initParms a mapping from the names of the initialization parameters to their values, as specified in the TLD.

    super.setInitParameters(initParms);
    String declarationsParm = (String) initParms.get("allowDeclarations");
    String scriptletsParm = (String) initParms.get("allowScriptlets");
    String expressionsParm = (String) initParms.get("allowExpressions");
    String rtExpressionsParm = (String) initParms.get("allowRTExpressions");

    allowDeclarations = "true".equalsIgnoreCase(declarationsParm);
    allowScriptlets = "true".equalsIgnoreCase(scriptletsParm);
    allowExpressions = "true".equalsIgnoreCase(expressionsParm);
    allowRTExpressions = "true".equalsIgnoreCase(rtExpressionsParm);
public javax.servlet.jsp.tagext.ValidationMessage[]validate(java.lang.String prefix, java.lang.String uri, javax.servlet.jsp.tagext.PageData page)
Validates a single JSP page.

param
prefix the namespace prefix specified by the page for the custom tag library being validated.
param
uri the URI specified by the page for the TLD of the custom tag library being validated.
param
page a wrapper around the XML representation of the page being validated.
return
null, if the page is valid; otherwise, a ValidationMessage[] containing one or more messages indicating why the page is not valid.

    InputStream in = null;
    SAXParser parser;
    MyContentHandler handler = new MyContentHandler();
    try {
      synchronized (factory) {
	parser = factory.newSAXParser();
      }
      in = page.getInputStream();
      parser.parse(in, handler);
    }
    catch (ParserConfigurationException e) {
      return vmFromString(e.toString());
    }
    catch (SAXException e) {
      return vmFromString(e.toString());
    }
    catch (IOException e) {
      return vmFromString(e.toString());
    }
    finally {
      if (in != null) try { in.close(); } catch (IOException e) {}
    }
    return handler.reportResults();
private static javax.servlet.jsp.tagext.ValidationMessage[]vmFromString(java.lang.String message)

    return new ValidationMessage[] {
      new ValidationMessage(null, message)
    };