• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

c:url and encodeURL()

 
Kevin DesLauriers
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was under the impression that <c:url value="url_expression" /> not only did rewriting for urls not using the context attribute but also did url encoding most likely using HttpServletResponse.encodeURL() method. Am I wrong to think that encoding is done at all using <c:url .../>?

If it does encoding does it matter it there is a context attribute?

Kevin
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Context attribute usually means an attribute at application scope. It doesn't have anything like that to do with it.

The c:url is basically like the encodeURL method to add a session ID to the URL if it's needed. It might even just call encodeURL behind the scenes.
 
Kevin DesLauriers
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But you may use the context attribute with c:url to specifiy a url in a different logical context.
 
Carol Enderlin
drifter
Ranch Hand
Posts: 1364
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The JSTL 1.1 spec (link on this forum's links page) says that the url is not encoded by <c:url> tag. However, any params included as subtags will be if needed.




If the URL contains characters that should be encoded (e.g. space), it is the user's responsibility to encode them.
...
<c:param> subtags can also be specified within the body of <c:url> for adding to the URL query string parameters, which will be properly encoded if necessary.

[ February 15, 2007: Message edited by: Carol Enderlin ]
 
Kevin DesLauriers
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Strange. It seems "encode" is an overloaded term here with two meanings. Never really thought about it before. One meaning: "fix the spaces and non-friendly url characters (what truly should be called encoding)" and the other: "add a session tracker if it's needed (aka URL rewriting)". I guess the encodeURL method should have been called rewriteURL instead.

My understanding was/is that c:url and response.encodeURL both rewrite (aka "encoding" by meaning 2). By what Carol found, it looks like c:params get encoded [non-safe characters] but the value of c:url does not.

I guess the programmer could extend the c:url with a custom taglib that would make a call to URLEncoder.encode or escapeXml seems like another interesting option.
[ February 15, 2007: Message edited by: Marc Peabody ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic