Reputation: 773
What are the effects of disabling scripting in a JSP?
I recently read how to disable scripting for an entire application by adding the following elements to the web.xml file:
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
</jsp-config>
It went on to state that doing this forces you to always use standard JSP tags, EL, and JSTL instead of scripting, but it doesn't define 'scripting'. I was under the impression that EL is a form of scripting, and now I'm left wondering what is it I can't do exactly, after I disable scripting?
Upvotes: 5
Views: 4149
Answers (2)
Reputation: 1109172
It disables scriptlets (<% %>), scriptlet expressions (<%= %>) and scriptlet declarations (<%! %>), which is a way of embedding raw Java code inside a JSP file. Using scriptlets has indeed been discouraged since the birth of taglibs/EL in favor of better readable and maintainable code.
See also:
Upvotes: 9
Reputation: 12633
It disables scriptlets, which is basically java code in the JSP e.g.
<% request.getAttribute("bob"); %>
would not be allowed.
JSTL, EL, etc. will all work fine.
Upvotes: 2
Related Questions
- How can I avoid Java code in JSP files, using JSP 2?
- Why do scriptlets exist in JSP?
- Why is putting Java code inside JSP encouraged?
- The only proper use of a scriptlet in JSP
- how to prevent the jsp to execute
- script inside scriptlet - bad practice how to avoid
- What kind of problems may occur when executing a JSP page?
- Does using scriptlets affect the performance in JSP?
- JSP scripting questions
- Why is it not advisable to use JavaScript in JSP?