Forums Register Login
(ANOTHER) Question from Head First Servlets and JSP's

Which statements about disabling scripting are true? (Choose all that apply)

A. You can't disable scripting via the DD.
B. You can only disable scripting at the application level.
C. You can disable scripting programmatically by using the isScriptingEnabled page directive attribute
D. You can disable scripting via the DD by using the <scripting-invalid> element.

Answer from the book: D

My question is why isn't B also part of the answer? The DD is application level and you can ONLY disable scripting through the DD. (isScriptingEnabled page attribute is deprecated)

Am I wrong here?
It says:

B. You can only disable scripting at the application level.

It's not true because you may do it via DD (declarative configuration) or via directive on the JSP page which for me is the mentioned "application level".

but you can't do it via a page directive anymore. isScriptingEnabled page attribute has been removed.

What is your definition of application level? What I have as "application level" in my head is a low level such as the "application scope" or where you define your dtd before you deploy.
[ August 31, 2008: Message edited by: Eurig Jones ]
Sorry, I was thinking about EL which may be enabled by page directive with a isELIgnored param.
The scripting can be disabled only via DD using <scripting-invalid>. Don't know how to disable/enable it in the *.jsp code

Yah you can only disable scripting on DD but it doesnt have to be application level cos you use <url-pattern> to select the sections where you it to be disabled.
But what IS the definition of "Application Level" here exactly?

Is configuring the DD not considered configuring something at the application level?
[ September 06, 2008: Message edited by: Eurig Jones ]
Anyone have any feedback on this?

Thanks in advance,
Please check the following web.xml fragment


always scripting invalid is specifies for a url-pattern which hence can be to anything from a single JSP to the Entire Web Application.Hence,i feel B cannot be right..
Ahh yes! Thanks Raghavendra.
You guys wanna see my fabulous new place? Or do you wanna look at this tiny ad?
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database

This thread has been viewed 921 times.

All times above are in ranch (not your local) time.
The current ranch time is
Jan 23, 2019 20:03:13.