org.springframework.web.servlet.tags.EscapeBodyTag Maven / Gradle / Ivy
/*
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.web.servlet.tags;
import java.io.IOException;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.BodyContent;
import javax.servlet.jsp.tagext.BodyTag;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.web.util.JavaScriptUtils;
/**
* The {@code } tag is used to escape its enclosed body content,
* applying HTML escaping and/or JavaScript escaping.
*
* Provides a "htmlEscape" property for explicitly specifying whether to
* apply HTML escaping. If not set, a page-level default (e.g. from the
* HtmlEscapeTag) or an application-wide default (the "defaultHtmlEscape"
* context-param in web.xml) is used.
*
*
Provides a "javaScriptEscape" property for specifying whether to apply
* JavaScript escaping. Can be combined with HTML escaping or used standalone.
*
*
* Attribute Summary
*
*
* Attribute
* Required?
* Runtime Expression?
* Description
*
*
*
*
* htmlEscape
* false
* true
* Set HTML escaping for this tag, as boolean value.
* Overrides the default HTML escaping setting for the current page.
*
*
* javaScriptEscape
* false
* true
* Set JavaScript escaping for this tag, as boolean value.
* Default is false.
*
*
*
*
* @author Juergen Hoeller
* @since 1.1.1
* @see org.springframework.web.util.HtmlUtils
* @see org.springframework.web.util.JavaScriptUtils
*/
@SuppressWarnings("serial")
public class EscapeBodyTag extends HtmlEscapingAwareTag implements BodyTag {
private boolean javaScriptEscape = false;
@Nullable
private BodyContent bodyContent;
/**
* Set JavaScript escaping for this tag, as boolean value.
* Default is "false".
*/
public void setJavaScriptEscape(boolean javaScriptEscape) throws JspException {
this.javaScriptEscape = javaScriptEscape;
}
@Override
protected int doStartTagInternal() {
// do nothing
return EVAL_BODY_BUFFERED;
}
@Override
public void doInitBody() {
// do nothing
}
@Override
public void setBodyContent(BodyContent bodyContent) {
this.bodyContent = bodyContent;
}
@Override
public int doAfterBody() throws JspException {
try {
String content = readBodyContent();
// HTML and/or JavaScript escape, if demanded
content = htmlEscape(content);
content = (this.javaScriptEscape ? JavaScriptUtils.javaScriptEscape(content) : content);
writeBodyContent(content);
}
catch (IOException ex) {
throw new JspException("Could not write escaped body", ex);
}
return (SKIP_BODY);
}
/**
* Read the unescaped body content from the page.
* @return the original content
* @throws IOException if reading failed
*/
protected String readBodyContent() throws IOException {
Assert.state(this.bodyContent != null, "No BodyContent set");
return this.bodyContent.getString();
}
/**
* Write the escaped body content to the page.
* Can be overridden in subclasses, e.g. for testing purposes.
* @param content the content to write
* @throws IOException if writing failed
*/
protected void writeBodyContent(String content) throws IOException {
Assert.state(this.bodyContent != null, "No BodyContent set");
this.bodyContent.getEnclosingWriter().print(content);
}
}