Package org.apache.struts2.components
Class Script
java.lang.Object
org.apache.struts2.components.Component
org.apache.struts2.components.UIBean
org.apache.struts2.components.ClosingUIBean
org.apache.struts2.components.Script
Add nonce propagation feature to implement CSP in script tags
The script tag allows the user to execute JavaScript. It also allows external resources to execute scripts which can be malicious. The s:script tag includes a nonce attribute that is being randomly generated with each request and only allows scripts with the valid nonce value to be executed.
Examples
<s:script ... />
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected StringFields inherited from class org.apache.struts2.components.UIBean
accesskey, ATTR_FIELD_VALUE, ATTR_NAME_VALUE, ATTR_VALUE, cssClass, cssErrorClass, cssErrorStyle, cssStyle, defaultTemplateDir, defaultUITheme, disabled, dynamicAttributes, errorPosition, id, javascriptTooltip, key, label, labelPosition, labelSeparator, name, onblur, onchange, onclick, ondblclick, onfocus, onkeydown, onkeypress, onkeyup, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onselect, request, requiredLabel, requiredPosition, response, tabindex, template, templateDir, templateEngineManager, templateSuffix, theme, title, tooltip, tooltipConfig, tooltipCssClass, tooltipDelay, tooltipIconPath, uiStaticContentPath, uiThemeExpansionToken, valueFields inherited from class org.apache.struts2.components.Component
actionMapper, attributes, COMPONENT_STACK, devMode, escapeHtmlBody, performClearTagStateForTagPoolingServers, stack, standardAttributesMap, throwExceptionOnELFailure -
Constructor Summary
ConstructorsConstructorDescriptionScript(ValueStack stack, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) -
Method Summary
Modifier and TypeMethodDescriptionprotected voidprotected StringA contract that requires each concrete UI Tag to specify which template should be used as a default.voidvoidsetCharset(String charset) voidsetCrossorigin(String crossorigin) voidvoidsetIntegrity(String integrity) voidsetNomodule(String nomodule) voidsetReferrerpolicy(String referrerpolicy) voidvoidbooleanusesBody()Overwrite to set if body should be used.Methods inherited from class org.apache.struts2.components.ClosingUIBean
setOpenTemplate, startMethods inherited from class org.apache.struts2.components.UIBean
addFormParameter, applyValueParameter, buildTemplateName, copyAttributes, enableAncestorFormCustomOnsubmit, end, ensureAttributeSafelyNotEscaped, escape, evaluateNameValue, evaluateParams, getId, getTemplate, getTemplateDir, getTheme, getTooltipConfig, getValueClassType, lazyEvaluation, mergeTemplate, populateComponentHtmlId, setAccesskey, setCssClass, setCssErrorClass, setCssErrorStyle, setCssStyle, setDefaultTemplateDir, setDefaultUITheme, setDisabled, setDynamicAttributes, setErrorPosition, setId, setJavascriptTooltip, setKey, setLabel, setLabelPosition, setLabelSeparator, setName, setOnblur, setOnchange, setOnclick, setOndblclick, setOnfocus, setOnkeydown, setOnkeypress, setOnkeyup, setOnmousedown, setOnmousemove, setOnmouseout, setOnmouseover, setOnmouseup, setOnselect, setRequiredLabel, setRequiredPosition, setStaticContentPath, setStyle, setTabindex, setTemplate, setTemplateDir, setTemplateEngineManager, setTheme, setTitle, setTooltip, setTooltipConfig, setTooltipCssClass, setTooltipDelay, setTooltipIconPath, setUIThemeExpansionToken, setValueMethods inherited from class org.apache.struts2.components.Component
addAllAttributes, addParameter, completeExpression, determineActionURL, determineNamespace, end, escapeHtmlBody, fieldError, findAncestor, findString, findString, findValue, findValue, findValue, getAttributes, getComponentStack, getNamespace, getPerformClearTagStateForTagPoolingServers, getStack, getStandardAttributes, isAcceptableExpression, isValidTagAttribute, popComponentStack, setActionMapper, setDevMode, setEscapeHtmlBody, setNotExcludedAcceptedPatterns, setPerformClearTagStateForTagPoolingServers, setThrowExceptionsOnELFailure, setUrlHelper, stripExpression, toString
-
Field Details
-
async
-
charset
-
defer
-
src
-
type
-
referrerpolicy
-
nomodule
-
integrity
-
crossorigin
-
-
Constructor Details
-
Script
public Script(ValueStack stack, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
-
-
Method Details
-
getDefaultOpenTemplate
- Specified by:
getDefaultOpenTemplatein classClosingUIBean
-
getDefaultTemplate
Description copied from class:UIBeanA contract that requires each concrete UI Tag to specify which template should be used as a default. For example, the CheckboxTab might return "checkbox.vm" while the RadioTag might return "radio.vm". This value not begin with a '/' unless you intend to make the path absolute rather than relative to the current theme.- Specified by:
getDefaultTemplatein classUIBean- Returns:
- The name of the template to be used as the default.
-
setAsync
-
setCharset
-
setDefer
-
setSrc
-
setType
-
setReferrerpolicy
-
setNomodule
-
setIntegrity
-
setCrossorigin
-
usesBody
public boolean usesBody()Description copied from class:ComponentOverwrite to set if body should be used. -
evaluateExtraParams
protected void evaluateExtraParams()- Overrides:
evaluateExtraParamsin classUIBean
-