I replaced the <html:form> by <form> and in the "action" tag I do
action="<%= response.encodeURL("....") %>"
Let's temporarily not discuss *why* I do this. I have a question --- If I use <form> to replace it, how about those "forward" defined in the "struts-config.xml", does struts still automatically apply "encodeURL" for those forward for me ? Or do I have to apply "encodeURL" to those "forward" by myself because I am not using <html:form> ??
posted 15 years ago
actually, bear with me for one more question here --
if I use <FORM> in JSPand I have sessions, should I append "encodeURL" to the "ACTION" or not ? Maybe I don't need to as maybe struts handles that for me too. I know struts handles it automatically if I use <html:form> tag, but how about I use <FORM> html tag ?
The html:form tag will do several things for you (apart from just creating the <form> tag on the page with appropriate action)
- create your action form bean and exposes to the page - allow you to use tags like <html:text property="userName"/> with an implicit form (ie the form is provided by the html:form tag.)
>does struts still automatically apply "encodeURL" for those forward for >me ? Or do I have to apply "encodeURL" to those "forward" by myself >because I am not using <html:form> ?? Forwards in the struts:config do not need to be encoded. The point of encodeURL is so that a sessionId can be included in the URL if the browser does not support cookies. It is only necessary if the URL is going to be rendered onto a JSP page - either as a form action, or a href in a link. For forwarding with the request dispatcher, encoding the URL is pointless.
>if I use <FORM> in JSPand I have sessions, should I append "encodeURL" to the "ACTION" or not ? Yes. The html:form tag will automatically call encodeURL on the action attribute. If you are writing your own form tag, with its custom action, you have to encode it yourself.