1 /* 2 * Copyright 2002-2010 the original author or authors. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.springframework.web.servlet.tags; 18 19 import javax.servlet.jsp.JspException; 20 21 import org.springframework.web.util.ExpressionEvaluationUtils; 22 23 /** 24 * Superclass for tags that output content that might get HTML-escaped. 25 * 26 * <p>Provides a "htmlEscape" property for explicitly specifying whether to 27 * apply HTML escaping. If not set, a page-level default (e.g. from the 28 * HtmlEscapeTag) or an application-wide default (the "defaultHtmlEscape" 29 * context-param in <code>web.xml</code>) is used. 30 * 31 * @author Juergen Hoeller 32 * @since 1.1 33 * @see #setHtmlEscape 34 * @see HtmlEscapeTag 35 * @see org.springframework.web.servlet.support.RequestContext#isDefaultHtmlEscape 36 * @see org.springframework.web.util.WebUtils#isDefaultHtmlEscape 37 */ 38 public abstract class HtmlEscapingAwareTag extends RequestContextAwareTag { 39 40 private Boolean htmlEscape; 41 42 43 /** 44 * Set HTML escaping for this tag, as boolean value. 45 * Overrides the default HTML escaping setting for the current page. 46 * @see HtmlEscapeTag#setDefaultHtmlEscape 47 */ setHtmlEscape(String htmlEscape)48 public void setHtmlEscape(String htmlEscape) throws JspException { 49 this.htmlEscape = ExpressionEvaluationUtils.evaluateBoolean("htmlEscape", htmlEscape, pageContext); 50 } 51 52 /** 53 * Return the HTML escaping setting for this tag, 54 * or the default setting if not overridden. 55 * @see #isDefaultHtmlEscape() 56 */ isHtmlEscape()57 protected boolean isHtmlEscape() { 58 if (this.htmlEscape != null) { 59 return this.htmlEscape.booleanValue(); 60 } 61 else { 62 return isDefaultHtmlEscape(); 63 } 64 } 65 66 /** 67 * Return the applicable default HTML escape setting for this tag. 68 * <p>The default implementation checks the RequestContext's setting, 69 * falling back to <code>false</code> in case of no explicit default given. 70 * @see #getRequestContext() 71 */ isDefaultHtmlEscape()72 protected boolean isDefaultHtmlEscape() { 73 return getRequestContext().isDefaultHtmlEscape(); 74 } 75 76 } 77