Hans Bergsten wrote:
>
> > If option 2 is what I should do, why doesn't JSP shield the HTML developer
> > from this? The goal would be for
> > the JSP author to be a higher-end HTML developer who shouldn't have to worry
> > about maintaining the
> > session, etc.
>
> The goal for JSP is also to be able to deal with other markup languages
> that HTML, such as XML. Finding all HTML references in the generated
> output and taking care of session encoding would defeat that goal. It's
> possible, however, to provide custom actions for all HTML elements that
> includes links to other resources (e.g. <a>, <img>, <form>) and let the
> custom action take care of the encoding.
Some days ago, I've also raised the question on resin-interest as I also
started to worry about it. I have to mention that I didn't think about
it much, so the first reaction when I understand the behaviour was
similar to Dave.
The point is that it would be hard to parse all HTML code, just to find
out where URL is and encode it - think about JavaScript code. It would
also break JSP contract as it's not parseable language, but that's
*only* HTML with some other language-specific (e.g. Java) parts. One
suggestion is either make your own tags which could provide the
functionality or use some template systems like Resin's XTP. It'll allow
you to achieve this and much more "parseable" things:)
>
> Hans
Jacek Laskowski
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
