public class Script extends ClosingUIBean
Add nonce propagation feature to implement CSP in script tags
The script tag allows the user to execute JavaScript. It also allows external resources to execute scripts which can be malicious. The s:script tag includes a nonce attribute that is being randomly generated with each request and only allows scripts with the valid nonce value to be executed.
Examples
<s:script ... />
| Modifier and Type | Field and Description |
|---|---|
protected String |
async |
protected String |
charset |
protected String |
crossorigin |
protected String |
defer |
protected String |
integrity |
protected String |
nomodule |
protected String |
referrerpolicy |
protected String |
src |
protected String |
type |
accesskey, ATTR_FIELD_VALUE, ATTR_NAME_VALUE, ATTR_VALUE, cssClass, cssErrorClass, cssErrorStyle, cssStyle, defaultTemplateDir, defaultUITheme, disabled, dynamicAttributes, errorPosition, id, javascriptTooltip, key, label, labelPosition, labelSeparator, name, onblur, onchange, onclick, ondblclick, onfocus, onkeydown, onkeypress, onkeyup, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onselect, request, requiredLabel, requiredPosition, response, tabindex, template, templateDir, templateEngineManager, templateSuffix, theme, title, tooltip, tooltipConfig, tooltipCssClass, tooltipDelay, tooltipIconPath, uiStaticContentPath, uiThemeExpansionToken, valueactionMapper, COMPONENT_STACK, devMode, escapeHtmlBody, parameters, performClearTagStateForTagPoolingServers, stack, standardAttributesMap, throwExceptionOnELFailure| Constructor and Description |
|---|
Script(ValueStack stack,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
| Modifier and Type | Method and Description |
|---|---|
protected void |
evaluateExtraParams() |
String |
getDefaultOpenTemplate() |
protected String |
getDefaultTemplate()
A contract that requires each concrete UI Tag to specify which template should be used as a default.
|
void |
setAsync(String async) |
void |
setCharset(String charset) |
void |
setCrossorigin(String crossorigin) |
void |
setDefer(String defer) |
void |
setIntegrity(String integrity) |
void |
setNomodule(String nomodule) |
void |
setReferrerpolicy(String referrerpolicy) |
void |
setSrc(String src) |
void |
setType(String type) |
boolean |
usesBody()
Overwrite to set if body should be used.
|
setOpenTemplate, startaddFormParameter, applyValueParameter, buildTemplateName, copyParams, enableAncestorFormCustomOnsubmit, end, ensureAttributeSafelyNotEscaped, escape, evaluateNameValue, evaluateParams, getId, getTemplate, getTemplateDir, getTheme, getTooltipConfig, getValueClassType, lazyEvaluation, mergeTemplate, populateComponentHtmlId, setAccesskey, setCssClass, setCssErrorClass, setCssErrorStyle, setCssStyle, setDefaultTemplateDir, setDefaultUITheme, setDisabled, setDynamicAttributes, setErrorPosition, setId, setJavascriptTooltip, setKey, setLabel, setLabelPosition, setLabelSeparator, setName, setOnblur, setOnchange, setOnclick, setOndblclick, setOnfocus, setOnkeydown, setOnkeypress, setOnkeyup, setOnmousedown, setOnmousemove, setOnmouseout, setOnmouseover, setOnmouseup, setOnselect, setRequiredLabel, setRequiredPosition, setStaticContentPath, setStyle, setTabindex, setTemplate, setTemplateDir, setTemplateEngineManager, setTheme, setTitle, setTooltip, setTooltipConfig, setTooltipCssClass, setTooltipDelay, setTooltipIconPath, setUIThemeExpansionToken, setValueaddAllParameters, addParameter, completeExpression, determineActionURL, determineNamespace, end, escapeHtmlBody, fieldError, findAncestor, findString, findString, findValue, findValue, findValue, getComponentStack, getNamespace, getParameters, getPerformClearTagStateForTagPoolingServers, getStack, getStandardAttributes, isAcceptableExpression, isValidTagAttribute, popComponentStack, setActionMapper, setDevMode, setEscapeHtmlBody, setNotExcludedAcceptedPatterns, setPerformClearTagStateForTagPoolingServers, setThrowExceptionsOnELFailure, setUrlHelper, stripExpression, toStringprotected String async
protected String charset
protected String defer
protected String src
protected String type
protected String referrerpolicy
protected String nomodule
protected String integrity
protected String crossorigin
public Script(ValueStack stack, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
public String getDefaultOpenTemplate()
getDefaultOpenTemplate in class ClosingUIBeanprotected String getDefaultTemplate()
UIBeangetDefaultTemplate in class UIBeanpublic void setAsync(String async)
public void setCharset(String charset)
public void setDefer(String defer)
public void setSrc(String src)
public void setType(String type)
public void setReferrerpolicy(String referrerpolicy)
public void setNomodule(String nomodule)
public void setIntegrity(String integrity)
public void setCrossorigin(String crossorigin)
public boolean usesBody()
Componentprotected void evaluateExtraParams()
evaluateExtraParams in class UIBeanCopyright © 2000–2023 Apache Software Foundation. All rights reserved.