Class ScriptFreeTLV

  • public class ScriptFreeTLV
    extends TagLibraryValidator

    A TagLibraryValidator for enforcing restrictions against the use of JSP scripting elements.

    This TLV supports four initialization parameters, for controlling which of the four types of scripting elements are allowed or prohibited:

    • allowDeclarations: if true, indicates that declaration elements are not prohibited.
    • allowScriptlets: if true, indicates that scriptlets are not prohibited
    • allowExpressions: if true, indicates that top-level expression elements (i.e., expressions not associated with request-time attribute values) are not prohibited.
    • allowRTExpressions: if true, indicates that expression elements associated with request-time attribute values are not prohibited.

    The default value for all for initialization parameters is false, indicating all forms of scripting elements are to be prohibited.

    • Constructor Summary

      Constructor Description
      Constructs a new validator instance.
    • Constructor Detail

      • ScriptFreeTLV

        public ScriptFreeTLV()
        Constructs a new validator instance. Initializes the parser factory to create non-validating, namespace-aware SAX parsers.
    • Method Detail

      • setInitParameters

        public void setInitParameters​(java.util.Map<java.lang.String,​java.lang.Object> initParms)
        Sets the values of the initialization parameters, as supplied in the TLD.
        setInitParameters in class TagLibraryValidator
        initParms - a mapping from the names of the initialization parameters to their values, as specified in the TLD.
      • validate

        public ValidationMessage[] validate​(java.lang.String prefix,
                                            java.lang.String uri,
                                            PageData page)
        Validates a single JSP page.
        validate in class TagLibraryValidator
        prefix - the namespace prefix specified by the page for the custom tag library being validated.
        uri - the URI specified by the page for the TLD of the custom tag library being validated.
        page - a wrapper around the XML representation of the page being validated.
        null, if the page is valid; otherwise, a ValidationMessage[] containing one or more messages indicating why the page is not valid.