"Bolt, Dave" wrote:
>
> If I want my JSP pages to work in a situation where cookies are disabled and
> the server is doing URL rewriting
> do I have to use EncodeURL for all of my HREF (and perhaps IMG) tags in my
> JSP page?
>
> Example. Here is a JSP page that retrieves an image (stored in a database)
> via a servlet and has hyperlinks
> to other JSP pages. Note: I am using a servlet mapping to map a servlet to a
> directory.
>
> The way you would expect to write this page is something like this.
>
> <IMG SRC="mediaservlet?mediaId=5000"><BR>
> <a href="page1.jsp">page1</a><BR>
> <a href="page2.jsp">page2</a><BR>
> <a href="page3.jsp">page3</a><BR>
>
> If I want the page to work in a URL-rewriting mode do I have to do the
> following?
>
> <IMG SRC="<%= response.encodeURL("mediaservlet?mediaId=5000")%>"><BR>
> <a href="<%=response.encodeURL("page1.jsp")%>">page1</a><BR>
> <a href="<%=response.encodeURL("page2.jsp")%>">page2</a><BR>
> <a href="<%=response.encodeURL("page3.jsp")%>">page3</a><BR>
>
> What I'm basically looking for is some guidance on whether or not I need to
> do option 2 all of the time to
> maximize portability and survive cookie-disabled browsers.

Yes, you have to call encodeURL() for all links that take the user
to another part of the application. That's so that the session ID
is available in all those pages, so you can call encodeURL() there as
well. The same goes for the action attribute of all form elements.

Typically you don't have to encode the img src attribute value, since
it only includes an image into a page, as opposed to presenting a new
page with possible links. If the img src is a servlet though, that
generates the image dynamically from session data, you need to encode
this value as well.

> If option 2 is what I should do, why doesn't JSP shield the HTML developer
> from this? The goal would be for
> the JSP author to be a higher-end HTML developer who shouldn't have to worry
> about maintaining the
> session, etc.

The goal for JSP is also to be able to deal with other markup languages
than HTML, such as XML. Finding all HTML references in the generated
output and taking care of session encoding would defeat that goal. It's
possible, however, to provide custom actions for all HTML elements that
include links to other resources (e.g. <a>, <img>, <form>) and let the
custom action take care of the encoding.

Hans
--
Hans Bergsten           [EMAIL PROTECTED]
Gefion Software         http://www.gefionsoftware.com
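
A custom action of the kind described in the reply above, as an added example that is not part of the original thread or any existing tag library. The class name `EncodedLinkTag`, the package, and the `href` attribute are hypothetical; it assumes the `javax.servlet.jsp` tag API and a TLD entry that maps a tag such as `<app:a>` to this class.

```java
package example.tags; // hypothetical package name

import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

// Hypothetical usage in a JSP page: <app:a href="page1.jsp">page1</app:a>
public class EncodedLinkTag extends TagSupport {
    private String href;

    public void setHref(String href) { this.href = href; }

    @Override
    public int doStartTag() throws JspException {
        HttpServletResponse response =
            (HttpServletResponse) pageContext.getResponse();
        // The container adds the session ID to the URL only when it decides
        // rewriting is needed (for example, no session cookie came back).
        String encoded = response.encodeURL(href);
        try {
            pageContext.getOut().write("<a href=\"" + escapeAttr(encoded) + "\">");
        } catch (IOException e) {
            throw new JspException("could not write link start tag", e);
        }
        return EVAL_BODY_INCLUDE; // render the link text between the tags
    }

    @Override
    public int doEndTag() throws JspException {
        try {
            pageContext.getOut().write("</a>");
        } catch (IOException e) {
            throw new JspException("could not write link end tag", e);
        }
        return EVAL_PAGE;
    }

    @Override
    public void release() { href = null; super.release(); }

    // Escape characters that would break out of the quoted attribute value.
    private static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```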
