What are the effects of disabling scripting in a JSP?

前端未结

关注

 2  447

I recently read how to disable scripting for an entire application by adding the following elements to the web.xml file:


                      
              相关标签:


      
      
        
          2条回答        

        
                         				            
            
           
            
                              
                
              
              
                
                  余生分开走        
                
              
                            
                2020-12-18 08:58
              
            
            
                                                                       
It disables scriptlets, which is basically java code in the JSP e.g.

<% request.getAttribute("bob"); %>

would not be allowed.

JSTL, EL, etc. will all work fine.
                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
            
           
            
                              
                
              
              
                
                  没有蜡笔的小新        
                
              
                            
                2020-12-18 09:02
              
            
            
                                                                       
It disables scriptlets (<% %>), scriptlet expressions (<%= %>) and scriptlet declarations (<%! %>), which is a way of embedding raw Java code inside a JSP file. Using scriptlets has indeed been discouraged since the birth of taglibs/EL in favor of better readable and maintainable code.
See also:

Java EE 5 tutorial - disabling scripting

                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
                             
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复