<%@ page contentType="text/html; charset=UTF-8" %> <%@ page import="java.util.Date" %> Blocked Scripting Example - Gumdrop JSP

Blocked Scripting Example

← Back to JSP Examples

This JSP file contains Java scriptlets and expressions that are prohibited by the JSP configuration in web.xml.

The web.xml contains a jsp-property-group that matches the URL pattern /jsp/restricted/* with <scripting-invalid>true</scripting-invalid>.

Prohibited JSP Elements

The following JSP elements will cause this page to fail compilation:

<%-- This scriptlet will cause a JSPParseException during parsing --%> <% String message = "This scriptlet violates the scripting-invalid policy!"; Date now = new Date(); %>

Current time would be: <%= now.toString() %>

<%-- This declaration will also cause a JSPParseException --%> <%! private int counter = 0; public String getWelcomeMessage() { return "Welcome visitor #" + (++counter); } %>

Welcome message would be: <%= getWelcomeMessage() %>

Expected Behaviour

When you try to access this JSP, you should see an error message indicating that scripting is disabled for this JSP page. The exact error will be:

JSPParseException: Scripting is disabled for this JSP page

This demonstrates Gumdrop's JSP property group enforcement, which allows administrators to selectively disable Java scripting in JSP files based on URL patterns for security or architectural reasons.

Alternative Approaches

When scripting is disabled, you can still use:

Expression Language (EL) - e.g., \${sessionScope.user.name}
JSTL tags for control flow and formatting
Custom tag libraries
Static content and includes

This JSP intentionally violates scripting policy for demonstration purposes.