Why are scripts considered harmful, and how do you disable scripting in your program?

It is not a good idea to put all your Java code into your JSPs, because:
- Web page designers should not have to know Java.
- Java code in a JSP is hard to change and maintain.
You can make scripting invalid for JSPs, which means that scriptlets, expressions and declarations will no longer work. Do this by putting a <scripting-invalid> tag in the deployment descriptor (DD):
<web-app>
………….
  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-group>
  </jsp-config>
……………
</web-app>


In the past, people used
<%@ page isScriptingEnabled="false" %> in each page where it was required.
But this attribute is no longer in the JSP specification, so the only way to disable scripting is through the DD.
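
Because the DD is the only place this setting lives, it is worth checking that a descriptor really does disable scripting for *.jsp. The following is an added example, not code from the original post: a small Python check whose function names and sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace prefix: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def scripting_flags(web_xml_text):
    """Map each url-pattern in a jsp-property-group to True if scripting is disabled."""
    root = ET.fromstring(web_xml_text)
    flags = {}
    for cfg in children(root, "jsp-config"):
        for group in children(cfg, "jsp-property-group"):
            tag = children(group, "scripting-invalid")
            disabled = bool(tag) and (tag[0].text or "").strip() == "true"
            for pat in children(group, "url-pattern"):
                flags[(pat.text or "").strip()] = disabled
    return flags

def audit(web_xml_text, required=("*.jsp",)):
    """Return the required patterns for which scripting is NOT disabled."""
    try:
        flags = scripting_flags(web_xml_text)
    except ET.ParseError:
        return list(required)  # unparsable descriptor: treat as failing
    return [p for p in required if not flags.get(p, False)]

# Constructed sample descriptors (not taken from a real application).
GOOD = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jsp</url-pattern>
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-group>
  </jsp-config>
</web-app>"""
NO_CONFIG = "<web-app><display-name>demo</display-name></web-app>"
FLAG_FALSE = GOOD.replace(">true<", ">false<")
UNCLOSED = GOOD.replace("</scripting-invalid>", "<scripting-invalid>")

if __name__ == "__main__":
    for name, dd in [("GOOD", GOOD), ("NO_CONFIG", NO_CONFIG),
                     ("FLAG_FALSE", FLAG_FALSE), ("UNCLOSED", UNCLOSED)]:
        print(name, "->", audit(dd) or "scripting disabled")
```

A descriptor with no <jsp-config>, with the flag set to false, or with an unclosed <scripting-invalid> tag is reported as failing for *.jsp.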
