
Where to use encodeURL and encodeRedirectURL in JSP pages?

 
Bridget Carlson
Greenhorn
Posts: 15
Hello everyone,

I just recently started working on making updates to my site. I have many JSP pages and servlets. I'm using encodeURL and encodeRedirectURL methods, but I'm uncertain as to 'where' each method should be used.

Thus far, I have put them in the following page elements -
<form action>
<a href>
<img src> --- if src refers to a servlet
<% response.sendRedirect("link.jsp"); %> has been changed to <% response.sendRedirect(response.encodeRedirectURL("link.jsp")); %>
<frame src>

So now my question is this - where else should these encodeURL methods be used within JSP pages and Servlets?

I have the following directives in my JSP pages as well. Do they require encodeURL?? :
<jsp:include page="go.myservlet">
AND
<%@ include file="myJspPage.jsp"%>
AND
RequestDispatcher rd = request.getRequestDispatcher("go.track?process=trackVisit");
rd.include(request,response);

Can someone please direct me? My updates are extensive and time-consuming, as I have to go into each page and servlet, so I would like to get some definite answers.
Thank you
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
In legacy pages, you'd use it whenever you construct a URL.

On modern pages, you'd have no Java code at all, so it's moot. Use of <c:url> to construct URLs handles it.
 
Bridget Carlson
Greenhorn
Posts: 15
Bear Bibeault wrote: In legacy pages, you'd use it whenever you construct a URL.

On modern pages, you'd have no Java code at all, so it's moot. Use of <c:url> to construct URLs handles it.


I'm not using JSTL (c:url) in my pages; perhaps that will be an update for another time...

As for now, though, are you saying that ANY URL should have encodeURL attached to it?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
If you are concerned with making sessions work when cookies are turned off, yes.
 
Bridget Carlson
Greenhorn
Posts: 15
Bear Bibeault wrote: If you are concerned with making sessions work when cookies are turned off, yes.

Yes, that is the main reason for the update... in case users have cookies turned off.

So that's all there is to it then? If it's a URL, encode it.

With the include directives, including the RequestDispatcher (include(request, response))... would it really be necessary to encode those URLs? I'm no expert, but with an include of any sort, is the request for the initial page not included/forwarded when an <include> is executed?

And what about <jsp:forward> - the request gets forwarded to the source, so would an encodeURL be necessary in that directive as well? I'm thinking not...

What are your thoughts?

(Thank you for your help on this.)
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
It is only necessary to encode the URLs that will be sent to the client. Forwards and includes should not be encoded.
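
The rule from this answer, as an added example that is not part of the original thread: a hypothetical servlet that encodes the URLs written to the response and leaves the dispatcher path unencoded. The class name, the `next` parameter and the markup are assumptions; `link.jsp`, `go.myservlet` and `go.track` are the names used in the question. It assumes the `javax.servlet` API on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration; not code from the thread.
public class SessionUrlDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Make sure a session exists so the container has an ID to track.
        request.getSession(true);

        // Redirect: the Location header is sent to the client, so encode it.
        // ("next" is an assumed parameter name.)
        if ("1".equals(request.getParameter("next"))) {
            response.sendRedirect(response.encodeRedirectURL("link.jsp"));
            return;
        }

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");

        // URLs written into markup are requested later by the browser, so encode them.
        // When the session is not tracked by cookie the container appends
        // ;jsessionid=<id>; otherwise the URL comes back unchanged.
        out.println("<form action=\"" + response.encodeURL("go.myservlet") + "\" method=\"post\">");
        out.println("<input type=\"submit\" value=\"Go\"></form>");
        out.println("<a href=\"" + response.encodeURL("link.jsp") + "\">Next page</a>");

        // Include (same for forward): a server-side dispatch inside the current
        // request, which already carries the session. The path never reaches
        // the client, so it is passed unencoded.
        RequestDispatcher rd = request.getRequestDispatcher("go.track?process=trackVisit");
        rd.include(request, response);

        out.println("</body></html>");
    }
}
```

On a rewritten URL the session ID is part of the URL itself, so it is recorded wherever the URL is (access logs, browser history, bookmarks).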
 
Bridget Carlson
Greenhorn
Posts: 15
Bear Bibeault wrote: It is only necessary to encode the URLs that will be sent to the client. Forwards and includes should not be encoded.


Thank you, that is the clear answer I was looking for. I appreciate your help on this. Finding answers to very specific questions via Google isn't always so simple ;-)
 
David Newton
Author
Rancher
Posts: 12617
Bridget Carlson wrote: If it's a URL, encode it.

Check out my & while the browser decodes it.

O\-<
O|-<
O/-<
 