Listing 8-10. Default HTML Escaping Value Set in web.xml
<web-app>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
...
</web-app>
Default values for HTML escaping are always false, so you need only specify this context
parameter if you want to make escaping the default behavior in your application.
The next level of granularity is at the page scope. Within your JSP you can set a
<spring:htmlEscape> tag and the content-producing tags that follow will generate
HTML-escaped values. Listing 8-11 shows you how.
Listing 8-11. The <spring:htmlEscape> Tag in Action
<spring:bind path="command.field1">
${status.value} <!-- will NOT be html escaped -->
</spring:bind>
<spring:htmlEscape defaultHtmlEscape="true"/>
<spring:bind path="command.field2">
${status.value} <!-- WILL be html escaped -->
</spring:bind>
Finally, the <bind> tag accepts an optional attribute named htmlEscape that can be used to
override the value set in the page by the <spring:htmlEscape> tag, the value set in web.xml, or
both. Listing 8-12 explains.
Listing 8-12. Overriding HTML Escaping in the Bind Tag
<spring:htmlEscape defaultHtmlEscape="true"/>
<spring:bind path="command.field2" htmlEscape="false">
${status.value} <!-- will NOT be html escaped -->
</spring:bind>
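The three levels described above can be audited statically. The following is an added example (not from the book or from Spring itself): a Python sketch that resolves the effective escaping for each <spring:bind> tag in a JSP by applying the web.xml default, then any page-level <spring:htmlEscape> tag, then the tag's own htmlEscape attribute, and reports the paths that are rendered unescaped. The function names and sample inputs are assumptions made for illustration; it does not follow includes or evaluate EL expressions in attribute values.

```python
import re

# Opening <spring:htmlEscape .../> and <spring:bind ...> tags, in document order.
TAG_RE = re.compile(r'<spring:(htmlEscape|bind)\b([^>]*)>')
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
PARAM_RE = re.compile(
    r'<param-name>\s*defaultHtmlEscape\s*</param-name>\s*'
    r'<param-value>\s*(true|false)\s*</param-value>', re.I)

# Constructed inputs modelled on Listings 8-10 to 8-12 (field3 is made up).
SAMPLE_WEB_XML = """<web-app><context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param></web-app>"""
SAMPLE_JSP = """
<spring:bind path="command.field1">${status.value}</spring:bind>
<spring:htmlEscape defaultHtmlEscape="true"/>
<spring:bind path="command.field2">${status.value}</spring:bind>
<spring:bind path="command.field3" htmlEscape="false">${status.value}</spring:bind>
"""

def webxml_default(web_xml):
    """Application-wide default: false unless the context-param says true."""
    m = PARAM_RE.search(web_xml)
    return bool(m) and m.group(1).lower() == "true"

def effective_escaping(jsp, app_default=False):
    """Return [(bind path, escaped?)], resolving web.xml -> page -> tag."""
    page_default = app_default
    results = []
    for m in TAG_RE.finditer(jsp):
        attrs = dict(ATTR_RE.findall(m.group(2)))
        if m.group(1) == "htmlEscape":
            # Page-level switch: affects only the tags that follow it.
            page_default = attrs.get("defaultHtmlEscape", "false").lower() == "true"
        else:
            override = attrs.get("htmlEscape")  # tag-level override, if any
            escaped = page_default if override is None else override.lower() == "true"
            results.append((attrs.get("path"), escaped))
    return results

def unescaped_binds(jsp, web_xml=""):
    """Paths whose bound value is written to the page without HTML escaping."""
    return [p for p, esc in effective_escaping(jsp, webxml_default(web_xml)) if not esc]

if __name__ == "__main__":
    print(unescaped_binds(SAMPLE_JSP))                  # no web.xml default
    print(unescaped_binds(SAMPLE_JSP, SAMPLE_WEB_XML))  # default set to true
```

Each path reported is a place where user-supplied form data reaches the page as raw markup, so it deserves a review for cross-site scripting before the override is accepted.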
Tagfiles
Version 2.4 of the servlet specification supports the use of tagfiles for JSPs. Tagfiles are similar
in nature to macros in FreeMarker and Velocity. They can manipulate the markup language
directly (no more need to code them in Java), access standard tag libraries, and be deployed
without compilation or tag library descriptor files if you so choose.
Spring currently has no form simplification tagfiles, but they’ve been on the cards for
a while. It’s hoped that they will finally make it into version 1.3, which will probably have been
released by the time you read this.
232 CHAPTER 8 ■SUPPORTED VIEW TYPES