在 JSP 中禁用脚本会产生什么影响?
我最近阅读了如何通过将以下元素添加到 web.xml 文件来禁用整个应用程序的脚本:
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
</jsp-config>
它接着指出,这样做会强制您始终使用标准 JSP 标记、EL 和 JSTL 而不是脚本,但它没有定义“脚本”。我的印象是 EL 是一种脚本形式,现在我想知道在禁用脚本之后我到底不能做什么?
I recently read how to disable scripting for an entire application by adding the following elements to the web.xml file:
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
</jsp-config>
It went on to state that doing this forces you to always use standard JSP tags, EL, and JSTL instead of scripting, but it doesn't define 'scripting'. I was under the impression that EL is a form of scripting, and now I'm left wondering what is it I can't do exactly, after I disable scripting?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
它禁用 scriptlet (
<% %>), scriptlet表达式 (<%= %>) 和 scriptlet 声明 (<%! %>),这是一种将原始 Java 代码嵌入到JSP 文件。使用scriptlet确实不鼓励 自 taglibs/EL 诞生以来,就支持更好的可读性和可维护性的代码。另请参阅:
It disables scriptlets (
<% %>), scriptlet expressions (<%= %>) and scriptlet declarations (<%! %>), which is a way of embedding raw Java code inside a JSP file. Using scriptlets has indeed been discouraged since the birth of taglibs/EL in favor of better readable and maintainable code.See also:
它禁用 scriptlet,它基本上是 JSP 中的 java 代码,例如
<% request.getAttribute("bob"); %>
不会被允许的。
JSTL、EL 等都可以正常工作。
It disables scriptlets, which is basically java code in the JSP e.g.
<% request.getAttribute("bob"); %>
would not be allowed.
JSTL, EL, etc. will all work fine.