在JSP中禁用脚本有什么影响? [英] What are the effects of disabling scripting in a JSP?
问题描述
我最近阅读了如何通过在web.xml文件中添加以下元素来禁用整个应用程序的脚本编制:
I recently read how to disable scripting for an entire application by adding the following elements to the web.xml file:
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<scripting-invalid>true</scripting-invalid>
</jsp-property-group>
</jsp-config>
它接着指出,这样做会迫使您始终使用标准的JSP标签,EL和JSTL而不是脚本,但是它没有定义脚本".我给人的印象是EL是一种脚本编写形式,但是现在我想知道禁用脚本编写后我到底不能做什么?
It went on to state that doing this forces you to always use standard JSP tags, EL, and JSTL instead of scripting, but it doesn't define 'scripting'. I was under the impression that EL is a form of scripting, and now I'm left wondering what is it I can't do exactly, after I disable scripting?
推荐答案
它禁用 脚本表达式 (<%= %>)和已被淘汰从taglibs/EL的诞生开始,便倾向于使用更好的可读性和可维护性的代码.
It disables scriptlets (<% %>), scriptlet expressions (<%= %>) and scriptlet declarations (<%! %>), which is a way of embedding raw Java code inside a JSP file. Using scriptlets has indeed been discouraged since the birth of taglibs/EL in favor of better readable and maintainable code.
这篇关于在JSP中禁用脚本有什么影响?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
