Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HFSJ Mock exam 7 Q13 page 338

 
Charmy Madhvani
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which statements about disabling scriplets are true?

A:You cant disable scripting via DD
B:You can only disable scripting at application level
C:You can disable scripting programmatically by using the isScriptingEnabled page directive attribute
D:You can disable scripting via DD by using <scripting-invalid> element.

The answer is D. But I think B is also correct. If I use <scripting-invalid> element, it becomes invalid at the application level. Am I right?
Please reply
 
Mihai Radulescu
Ranch Hand
Posts: 918
IntelliJ IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Charmy,

The scripts can be disabled only from DD using the <script-enabled>, there is no other way to disable it problematically.

So the answer is A, B

D is wrong because the element is <scriting-eanbled>.

What you think ?



Regards
M
 
Charmy Madhvani
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Scripting can be disabled in DD using <scripting-invalid>true</scripting-invalid>. So A is absolutely incorrect . And D is correct. I was asking whether B should also be correct or not
 
Collins Mbianda
Ranch Hand
Posts: 259
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Charmy Madhvani:
... I was asking whether B should also be correct or not


B:You can only disable scripting at application level

It false because you can enable and disable scripting in a JSP page, you specify the isScriptingEnabled attribute of the page directive:

<%@ page isScriptingEnabled="true|false" %>
 
Mihai Radulescu
Ranch Hand
Posts: 918
IntelliJ IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Charmy

You are right, you can disable the scripting in DD by using the <scripting-invalid>true</scripting-invalid> - the question is tricky, IMHO if you can disable something with a boolean flag you can also enable it also enable it (with the same boolean).
and now about the question A and D, they are similar :

A:You cant disable scripting via DD --> yes by using the DD
D:You can disable scripting via DD by using <scripting-invalid> element. --> yes

may by Bert & Co tries to test your power of observation

Collins the @page directive isScriptingEnabled in not more actual, I just check the JSP specs (on 1-44) so I don't think that you have any possibility to do this programaticaly.
 
Collins Mbianda
Ranch Hand
Posts: 259
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oops !!!
isScriptingEnabled is not supported by jsp 2.0
Thanks Mihai.

Syntax
<%@ page page_directive_attr_list %>
page_directive_attr_list ::= { language=�scriptingLanguage�}
{ extends=�className� }
{ import=�importList� }
{ session=�true|false� }
{ buffer=�none|sizekb� }
{ autoFlush=�true|false� }
{ isThreadSafe=�true|false� }
{ info=�info_text� }
{ errorPage=�error_url� }
{ isErrorPage=�true|false� }
{ contentType=�ctinfo� }
{ pageEncoding=�peinfo� }
{ isELIgnored=�true|false� }
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my copy of HFSJ, page 338:
"You can only disable scripting elements through the DD. The <jsp-property-group> element allows you to disable scripting in selective JSPs by specifying URL patterns to be disabled."


This doesn't have to be an all-or-nothing, application-wide deal. You can disable scripting at the JSP level in the DD!
 
Mihai Radulescu
Ranch Hand
Posts: 918
IntelliJ IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Marc,

This is more philosophy but if you have a "disable" feature you need its complementary feature (the enable it) to complete the circle.
By example : if you have a stone and a window (from glass) you can say that the rock has one feature it can open the window just throw the stone and break the window - the window is open, but if this feature really useful ?

I accept it like this and if I'll get this question on exam I choose only "the disable" question.

Regards
M
 
bnkiran kumar
Ranch Hand
Posts: 176
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Madhvani,

I agree with you. As there is no option available to disable scripting for a particular JSP and the only way to disable scripting is using DD (using <scripting-invalid> tag), we can disable scripting at only application level.
 
Charmy Madhvani
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No bnkiran,
Mark has given the explanation..In DD you can give selective <scripting-invalid> by <jsp-propery-group> element. Here you specify the url patterns of those jsps where you want to disable scripting. SO this wont be an application level disabling..
I hope I have understood Mark?
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by bnkiran kumar:
I agree with you. As there is no option available to disable scripting for a particular JSP and the only way to disable scripting is using DD (using <scripting-invalid> tag), we can disable scripting at only application level.

That's not what "application level" means. "Application level" means that you'd have to turn it off for the entire application.

I get the impression that you're thinking DD = application level. That's not true. I don't think it's a philisophical matter either. Though many of the DD elements are for the entire application, just as many of the DD elements are for individual components. Some, like the <scripting-invalid> tag and filters, can effect either everything application-wide or just a small subset, depending on how you map it.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic