Investigate the use of core JSTL tags.
Task - Investigate the c:out Core Tag
1. Create a new Java Web project, called SL314m08lab1.
2. Into the index.jsp file, add a taglib directive for the core JSTL library. Refer to the "JSTL Functional Areas" section in Module 8 of the student guide for details of the prefix and URI that are expected for this.
3. Create a paragraph in your JSP that contains the following literal text:
<script type='text/javascript'> alert('How annoying');
</script>
<h1 this is not a heading
X > Y... is that true & is the other true too?
4. Ignore the errors for now and run the application. Notice how the text is interpreted. Some of it disappears, and some behaves strangely.
5. Surround each of these lines with a <c:out> tag. Consult the "JSTL out Tag" section in Module 8 of the student guide for a reminder of the syntax.
6. Run the application again and observe the behavior.
a. Right-click the web page and choose View Source.
b. Notice that the default value of escapeXml is true, and the markup symbols have been converted to character entities. You will see in Module 12 that this can be a valuable tool in protecting against cross-site scripting attacks.
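The following page is an added example, not part of the original lab or the student guide. It shows the default escaping beside escapeXml="false", using the lab's literal text. It assumes JSTL 1.1 or later with EL enabled and the standard core URI; the variable names markup and comparison are hypothetical.

```jsp
<%-- Added example: assumes JSTL 1.1+ on the classpath and EL enabled. --%>
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Capture the lab's literal text as data rather than as page markup.
     "markup" and "comparison" are hypothetical names for this example. --%>
<c:set var="markup"><script type='text/javascript'> alert('How annoying');</script></c:set>
<c:set var="comparison">X > Y... is that true & is the other true too?</c:set>

<html>
<body>
  <%-- Default: escapeXml is true, so the browser displays the text as typed
       and the script never runs. --%>
  <p><c:out value="${markup}"/></p>
  <p><c:out value="${comparison}"/></p>

  <%-- Identical behaviour with the attribute stated explicitly. --%>
  <p><c:out value="${markup}" escapeXml="true"/></p>

  <%-- Weak setting, shown for contrast: the value is written to the response
       unchanged, so the browser parses it as markup and runs the alert.
       Never use this for data that did not originate in the page itself. --%>
  <p><c:out value="${markup}" escapeXml="false"/></p>

  <%-- View Source for the first two paragraphs shows the five characters
       that c:out escapes (< > & ' ") replaced by entities:
       <p>&lt;script type=&#039;text/javascript&#039;&gt; alert(&#039;How annoying&#039;);&lt;/script&gt;</p>
       <p>X &gt; Y... is that true &amp; is the other true too?</p>
  --%>
</body>
</html>
```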
Task - Investigate the c:remove Core Tag
1. Open the project SL314m08lab2 in the d:\labs\student\exercises directory. Examine the Address JavaBean (this is the same one you have seen before).
2. Into the index.jsp file, add a jsp:useBean action to create an instance of the Address bean in the session scope.
3. Add a jsp:setProperty tag to set a literal value of 1234 Acacia Gardens for the property address1 of the bean.
4. Add a jsp:getProperty tag to output the value of the address1 property (to prove that it is present and assigned).
5. Run the application to demonstrate that the bean has been created and the value assigned.
6. Add the taglib directive to allow the use of the core tag library.
7. After the value of the property has been printed out, add a c:remove tag to remove the bean, then repeat the code you used to output the value further up the file.
8. Run the application and demonstrate that the bean was removed, and therefore the attempt to output the value of the address field fails.