Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pukkaone/webappenhance

Java web application enhancements library. Compile JSPs on startup. Escape JSP EL values to prevent cross-site scripting.
https://github.com/pukkaone/webappenhance

Last synced: 4 days ago
JSON representation

Java web application enhancements library. Compile JSPs on startup. Escape JSP EL values to prevent cross-site scripting.

Awesome Lists containing this project

README 

        
# Java Web Application Enhancements Library



Utility library for Java web applications



## Add library to your project



Add this Maven dependency:



    

      com.github.pukkaone

      webappenhance

      1.0.1

    



## Compile JSPs on startup



In the `web.xml` file, add a listener:



    

      com.github.pukkaone.jsp.JspCompileListener

     



## Escape JSP EL values to prevent cross-site scripting



In the `web.xml` file, add a listener:



    

      com.github.pukkaone.jsp.EscapeXmlELResolverListener

     



### Disable escaping



Use a custom tag to surround JSP code in which EL values should not be escaped:



    <%@ taglib prefix="enhance" uri="http://pukkaone.github.com/jsp" %>



    

      I hope this expression returns safe HTML: ${user.name}

    



## Read model data in Jersey MVC JSP templates without "it."



Jersey's MVC framework exposes the model object to the JSP template as a

request attribute named "it".  To read the model data, a JSP template must

evaluate an EL expression reading a property of this object, for example,

`${it.propertyName}`.  This custom EL resolver exposes model properties as

implicit objects, allowing a JSP template to read a model property with an EL

expression like `${propertyName}`.



In the `web.xml` file, add a listener:



    

      com.github.pukkaone.jsp.ViewableModelELResolverListener