如何将String从Servlet传递到JSP?
[英]How to transfer String from Servlet to JSP?
问题描述
servlet file 
servlet文件
String str = req.getParameter("str");
req.setAttribute("str", "java");
getServletContext().getRequestDispatcher("/us.jsp").forward(req, resp);
jsp file jsp文件
<jsp:useBean id="str" class="hws" scope="request">
or 要么
<div align="center">
<textarea readonly name="" cols="50" rows="25"><%= request.getAttribute("str") %></ textarea>
</div>
<form action="/us" method="post">
<div align="center">
<textarea name="str" cols="50" rows="3">welcome to my program</textarea>
</div>
</form>
2 个解决方案
解决方案1
4 已采纳 2010-12-10 21:09:32
Use EL (Expression Language, those ${} things). 使用EL(表达语言,那些${}东西)。 It has implicit access to request/session/application scoped attributes by just its attribute name. 它只通过其属性名称隐式访问请求/会话/应用程序作用域属性。
<textarea readonly>${str}</textarea>
Be careful with XSS though whenever it concerns user-controlled input. 无论何时涉及用户控制的输入, 都要小心XSS 。
See also: 也可以看看:
解决方案2
4 2010-12-10 21:19:06
While BalusC is correct, I wanted to point out the potential security risk with directly outputting a string. 虽然BalusC是正确的,但我想通过直接输出字符串来指出潜在的安全风险。 According to the Java Servlet 2.0 spec , 根据Java Servlet 2.0规范 ,
In cases where escaping is desired (for example, to help prevent cross-site scripting attacks), the JSTL core tag can be used.
For example: 例如:
<c:out value=”${anELexpression}” />
This can help protected against XSS attacks. 这可以帮助防止XSS攻击。 See the OWASP page for more info. 有关详细信息,请参阅OWASP页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.