[英]HTML not passing validation
The below line is not passing validation in my application. 以下行未在我的应用程序中通过验证。 The error is in Netbeans is... 错误是在Netbeans中是...
Bad value " /content/edit" for attribute href on element "a": WHITESPACE in PATH
<a href="<%=request.getAttribute("urlPrefix")%>/content/edit">Add Content</a>
The runtime error is: 运行时错误为:
org.apache.jasper.JasperException: /base.jsp(9,25) PWC6213: quote symbol expected
I am passing an attribute for this value. 我正在传递此值的属性。 Why am I getting this error when I pass a value? 传递值时为什么会出现此错误?
Don't use scriptlets in JSP. 不要在JSP中使用scriptlet。 Use the JSP EL: 使用JSP EL:
<a href="${urlPrefix}/content/edit">Add Content</a>
<a href="<%=request.getAttribute('urlPrefix')%>/content/edit">Add Content</a>
Use single quotes with urlPrefix
. 将单引号与urlPrefix
一起urlPrefix
。 It should work. 它应该工作。
Try this: 尝试这个:
<% String urlPrefix = (String)request.getAttribute("urlPrefix"); %>
<a href="<%=urlPrefix%>/content/edit">Add Content</a>
or better this: 或更好的是:
<%
String urlPrefix = (String)request.getAttribute("urlPrefix");
String url = urlPrefix + "/content/edit";
%>
<a href="<%=url%>">Add Content</a>
or even better use EL: 甚至更好地使用EL:
<a href="${urlPrefix}/content/edit">Add Content</a>
It's worth mentioning the protection against XSS attacks as Asaph pointed out in his comment: 正如Asaph在他的评论中所指出的,值得一提的是针对XSS攻击的防护:
<a href="${fn:escapeXml(urlPrefix)}/content/edit">Add Content</a>
might do the trick if you include 如果您包括在内,可能会解决问题
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
at the top of your JSP. 在您的JSP顶部。
I've just done a simple test and the following line has no syntax error and runs without throwing an exception whether the urlPrefix
attribute is set or not: 我刚刚完成了一个简单的测试,并且以下行没有语法错误,并且无论是否设置了urlPrefix
属性,其运行都不会引发异常:
<a href="<%=request.getAttribute("urlPrefix")%>/content/edit">Add Content</a>
There is no syntax error at all. 根本没有语法错误。 In the case of there being no urlPrefix
attribute set, the resulting html is: 如果没有设置urlPrefix
属性,则生成的html为:
<a href="null/content/edit">Add Content</a>
In the case of urlPrefix
being equal to http://example.com
, the resulting html is: 如果urlPrefix
等于http://example.com
,则生成的html为:
<a href="http://example.com/content/edit">Add Content</a>
Here is a quick little standalone test.jsp
file to demonstrate: 这是一个简短的独立test.jsp
小文件,用于演示:
<% request.setAttribute("urlPrefix", "http://example.com"); %>
<a href="<%=request.getAttribute("urlPrefix")%>/content/edit">Add Content</a>
You can remove the first line to test the null
case. 您可以删除第一行以测试是否为null
。
So we've demonstrated that the line you posted as the alleged offending line is not actually problematic. 因此,我们证明了您发布为涉嫌违规行的行实际上没有问题。 Some possibilities: 一些可能性:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.