Wednesday, February 10, 2016

JSTL : Adding a custom EL function

I am outputting URLs in my JSP pages and wanted to encode those URLs to avoid cross-site scripting. The best solution I could think of was to create a custom EL function for URL encoding and use it in my JSP pages.

Below is how to do that.

Create a class with your function

package com.mycompany.myproject.util;

import java.net.URI;
import java.net.URISyntaxException;

public class FunctionForJSTL {

       /**
        * Returns the encoded URL.
        * http://stackoverflow.com/questions/5053975/how-to-url-encode-a-string-with-jstl
        * From the above Stack Overflow link:
        *  URLEncoder.encode() is actually not the correct way to encode a URL. It is the correct way to encode a URL parameter. It changes spaces to + for example. The correct technique is new URI(null, url, null).toASCIIString(), which for example changes spaces to %20.
        * @param url the URL to encode; may be null
        * @return the encoded URL, or null if url is null
        * @throws URISyntaxException if the string cannot be parsed as a URI
        */
       public static String urlEncode(String url) throws URISyntaxException {
              if (url == null) {
                     return null;
              }
              // The multi-argument URI constructor percent-encodes illegal characters
              return new URI(null, url, null).toASCIIString();
       }
}


Create a TLD file (functions.tld, to match the taglib directive used in the JSP) and put it under WEB-INF



<?xml version="1.0" encoding="UTF-8" ?>
<taglib
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd"
    version="2.1">
    <display-name>Custom Functions</display-name>
    <tlib-version>1.0</tlib-version>
    <uri>http://example.com/functions</uri>
    <function>
        <name>urlEncode</name>
        <function-class>com.mycompany.myproject.util.FunctionForJSTL</function-class>
        <function-signature>java.lang.String urlEncode(java.lang.String)</function-signature>
    </function>
</taglib>

Use it in your JSP

Taglib import statement

<%@taglib uri="/WEB-INF/functions.tld" prefix="f" %>

JSP EL

${f:urlEncode(anyURL)}
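
What the function covers when the URL lands in an HTML attribute, as an added example that is not part of the original post: the `URI` constructor percent-encodes characters such as spaces, `"`, `<` and `>`, but it leaves `'` and `&` as they are and accepts any scheme, including `javascript:`. The class below runs the post's `urlEncode` next to a stricter variant that also restricts the scheme and HTML-escapes the result; `SafeHref`, `forAttribute`, the http/https allowlist and the sample inputs are assumptions made for this sketch.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added example, not the post's code. SafeHref and forAttribute are hypothetical names.
public class SafeHref {

    // The post's function, same behaviour.
    static String urlEncode(String url) throws URISyntaxException {
        return url == null ? null : new URI(null, url, null).toASCIIString();
    }

    // Encode, allow only relative, http and https URLs, then escape for an HTML attribute.
    static String forAttribute(String url) {
        if (url == null) return "";
        URI uri;
        try {
            uri = new URI(null, url, null);
        } catch (URISyntaxException e) {
            return "#"; // unparseable input is dropped, not echoed
        }
        String scheme = uri.getScheme();
        if (scheme != null) {
            String s = scheme.toLowerCase(Locale.ROOT);
            if (!s.equals("http") && !s.equals("https")) return "#";
        }
        return uri.toASCIIString()
                .replace("&", "&amp;").replace("\"", "&quot;")
                .replace("'", "&#39;").replace("<", "&lt;").replace(">", "&gt;");
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample inputs.
        String[] samples = {
            "http://example.com/a b?q=1&r=2",
            "/search?q=it's",
            "javascript:alert(1)",
            "/x\"><b>"
        };
        for (String in : samples) {
            System.out.println("input        : " + in);
            System.out.println("urlEncode    : " + urlEncode(in));
            System.out.println("forAttribute : " + forAttribute(in));
        }
    }
}
```

In a JSP the escaping step can also be applied by wrapping the call, `${fn:escapeXml(f:urlEncode(anyURL))}`, where `fn` is the standard JSTL functions taglib. The scheme check still has to happen in Java, since neither function rejects a `javascript:` URL.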
