简体繁体 English

JSP 模板的任何类型安全替代品

[英]Any Type-safe alternatives to JSP templating

原文 2013-02-21 22:08:40 9 6 java/ jsp

Is there something safer than JSP?有什么比 JSP 更安全的东西吗？ I haven't found any meaningful answers through Google.我还没有通过谷歌找到任何有意义的答案。 We currently use the Spring MVC framework and JSP to render HTML.我们目前使用 Spring MVC 框架和 JSP 来呈现 HTML。 I have came to hate the dynamic nature of the JSP rendering, in that you reference a model like ${model.someAttribute} but have no way of telling whether this attribute is available at the given module or specifies the type of the model that the template expects.我开始讨厌 JSP 渲染的动态特性，因为您引用了一个像${model.someAttribute}这样的模型，但无法判断该属性是否在给定模块中可用或指定模型的类型模板期望。 It becomes very difficult to refactor the models' getters since Eclipse doesn't know which templates use the model and also cannot relate the getters to the property accessors in templates.重构模型的 getter 变得非常困难，因为 Eclipse 不知道哪些模板使用模型，也无法将 getter 与模板中的属性访问器相关联。

Is there a templating technology out there, that is both less ugly than spitting out HTML code via imperative code and more type/compile safe than JSPs?有没有一种模板技术，它既没有通过命令式代码输出 HTML 代码那么丑陋，又比 JSP 更安全？

6 个解决方案

You can use type hints, eg the type attribute in jsp:useBean and in the attribute declarations of JSP tag files (and probably in other places like JSTL tags).您可以使用类型提示，例如 jsp:useBean 中的type 属性和 JSP 标记文件的属性声明（也可能在其他地方，如 JSTL 标记）。 IntelliJ will then do all the good static type-based stuff for you (accurate code completion suggestions, refactoring, find usages, show quick javadoc, etc.).然后，IntelliJ 将为您完成所有基于静态类型的好工作（准确的代码完成建议、重构、查找用法、快速显示 javadoc 等）。

I just recently wrote about this in the context of JSP tag files .我最近刚刚在JSP 标记文件的上下文中写了这篇文章。

Lift (based on Scala ) offers a very nice model with good separation of the HTML layout from the actual application code (called snippets). Lift （基于Scala ）提供了一个非常好的模型，将 HTML 布局与实际应用程序代码（称为片段）很好地分离。 While the barrier to entry may look high at first, the gains are really big in the somewhat longer term.虽然一开始进入门槛可能很高，但从长远来看，收益确实很大。 One big upside is that it runs on the JVM so you can re-use most of your Java libraries and other code.一个很大的好处是它在 JVM 上运行，因此您可以重用大部分 Java 库和其他代码。

I believe JXT 's goals include both XSS safety and type model safety, and it was designed to be easy to transition to from JSPs.我相信JXT的目标包括 XSS 安全性和类型模型安全性，并且它被设计为易于从 JSP 过渡到。

Their pipeline description explains that their expressions map more closely to Java expressions so you will get Java-esque type errors if your expressions have a type mismatch.他们的管道描述解释了他们的表达式更接近于 Java 表达式，因此如果您的表达式有类型不匹配，您将得到 Java 式的类型错误。

Haven't actually used it, but Twirl (https://www.playframework.com/documentation/2.5.x/JavaTemplates ) calls itself "a type safe template engine based on Scala" (can apparently be used in Play for Java).还没有真正使用过它，但 Twirl (https://www.playframework.com/documentation/2.5.x/JavaTemplates ) 称自己为“基于 Scala 的类型安全模板引擎”（显然可以在 Play for Java 中使用） .

Quote:引用：

A type safe template engine based on Scala Play comes with Twirl, a powerful Scala-based template engine, whose design was inspired by ASP.NET Razor.基于 Scala Play 的类型安全模板引擎附带了 Twirl，这是一个强大的基于 Scala 的模板引擎，其设计灵感来自 ASP.NET Razor。 Specifically it is:具体是：

compact, expressive, and fluid: it minimizes the number of characters and keystrokes required in a file, and enables a fast, fluid coding workflow.紧凑、富有表现力和流畅：它最大限度地减少了文件中所需的字符数和击键次数，并实现了快速、流畅的编码工作流程。 Unlike most template syntaxes, you do not need to interrupt your coding to explicitly denote server blocks within your HTML.与大多数模板语法不同，您无需中断编码以在 HTML 中明确表示服务器块。 The parser is smart enough to infer this from your code.解析器足够聪明，可以从您的代码中推断出这一点。 This enables a really compact and expressive syntax which is clean, fast and fun to type.这实现了一个非常紧凑和富有表现力的语法，它干净、快速并且打字很有趣。

easy to learn: it allows you to quickly become productive, with a minimum of concepts.易于学习：它使您能够以最少的概念快速提高工作效率。 You use simple Scala constructs and all your existing HTML skills.您使用简单的 Scala 结构和所有现有的 HTML 技能。

not a new language: we consciously chose not to create a new language.不是一种新语言：我们有意识地选择不创造一种新语言。 Instead we wanted to enable Scala developers to use their existing Scala language skills, and deliver a template markup syntax that enables an awesome HTML construction workflow.相反，我们想让 Scala 开发人员能够使用他们现有的 Scala 语言技能，并提供模板标记语法，以实现出色的 HTML 构建工作流。

editable in any text editor: it doesn't require a specific tool and enables you to be productive in any plain old text editor.可在任何文本编辑器中编辑：它不需要特定工具，使您能够在任何普通的旧文本编辑器中高效工作。

Disclaimer: I'm the author of Hepek .免责声明：我是Hepek的作者。 Currently, it supports only the Play framework.目前，它仅支持 Play 框架。

Scalatags gives you safe HTML by construction. Scalatags 通过构造为您提供安全的 HTML。 On top of it, Hepek has really nice API for constructing forms, grid, code highlighting etc. Basically, it is just Scala, no template parsing, no worrying does a variable exists.. :)最重要的是，Hepek 有非常好的 API 来构建表单、网格、代码突出显示等。基本上，它只是 Scala，没有模板解析，不用担心变量是否存在.. :)

I think Rocker is exactly what you've been looking for.我认为Rocker正是您一直在寻找的。 It is compiled, type-safe and fast.它经过编译，类型安全且快速。