org.apache.struts2.components

Class Script

java.lang.Object

org.apache.struts2.components.Component

org.apache.struts2.components.UIBean

org.apache.struts2.components.ClosingUIBean

org.apache.struts2.components.Script

public class Script
extends ClosingUIBean

Add nonce propagation feature to implement CSP in script tags

The script tag allows the user to execute JavaScript. It also allows external resources to execute scripts which can be malicious. The s:script tag includes a nonce attribute that is being randomly generated with each request and only allows scripts with the valid nonce value to be executed.

Examples

 <s:script ... />

 

Field Summary

Fields

Modifier and Type	Field and Description
protected String	async
protected String	charset
protected String	crossorigin
protected String	defer
protected String	integrity
protected String	nomodule
protected String	referrerpolicy
protected String	src
protected String	type

Fields inherited from class org.apache.struts2.components.UIBean

accesskey, cssClass, cssErrorClass, cssErrorStyle, cssStyle, defaultTemplateDir, defaultUITheme, disabled, dynamicAttributes, errorPosition, id, javascriptTooltip, key, label, labelPosition, labelSeparator, name, onblur, onchange, onclick, ondblclick, onfocus, onkeydown, onkeypress, onkeyup, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onselect, request, requiredLabel, requiredPosition, response, tabindex, template, templateDir, templateEngineManager, templateSuffix, theme, title, tooltip, tooltipConfig, tooltipCssClass, tooltipDelay, tooltipIconPath, uiStaticContentPath, uiThemeExpansionToken, value

Fields inherited from class org.apache.struts2.components.Component

actionMapper, COMPONENT_STACK, devMode, escapeHtmlBody, parameters, performClearTagStateForTagPoolingServers, stack, standardAttributesMap, throwExceptionOnELFailure

Constructor Summary

Constructors

Constructor and Description
Script(ValueStack stack, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Method Summary

Modifier and Type	Method and Description
protected void	evaluateExtraParams()
String	getDefaultOpenTemplate()
protected String	getDefaultTemplate() A contract that requires each concrete UI Tag to specify which template should be used as a default.
void	setAsync(String async)
void	setCharset(String charset)
void	setCrossorigin(String crossorigin)
void	setDefer(String defer)
void	setIntegrity(String integrity)
void	setNomodule(String nomodule)
void	setReferrerpolicy(String referrerpolicy)
void	setSrc(String src)
void	setType(String type)
boolean	usesBody() Overwrite to set if body should be used.

Methods inherited from class org.apache.struts2.components.ClosingUIBean

setOpenTemplate, start

Methods inherited from class org.apache.struts2.components.UIBean

addFormParameter, buildTemplateName, copyParams, enableAncestorFormCustomOnsubmit, end, ensureAttributeSafelyNotEscaped, escape, evaluateNameValue, evaluateParams, getId, getTemplate, getTemplateDir, getTheme, getTooltipConfig, getValueClassType, lazyEvaluation, mergeTemplate, populateComponentHtmlId, setAccesskey, setClass, setCssClass, setCssErrorClass, setCssErrorStyle, setCssStyle, setDefaultTemplateDir, setDefaultUITheme, setDisabled, setDynamicAttributes, setErrorPosition, setId, setJavascriptTooltip, setKey, setLabel, setLabelposition, setLabelPosition, setLabelSeparator, setName, setOnblur, setOnchange, setOnclick, setOndblclick, setOnfocus, setOnkeydown, setOnkeypress, setOnkeyup, setOnmousedown, setOnmousemove, setOnmouseout, setOnmouseover, setOnmouseup, setOnselect, setRequiredLabel, setRequiredPosition, setStaticContentPath, setStyle, setTabindex, setTemplate, setTemplateDir, setTemplateEngineManager, setTheme, setTitle, setTooltip, setTooltipConfig, setTooltipCssClass, setTooltipDelay, setTooltipIconPath, setUIThemeExpansionToken, setValue

Methods inherited from class org.apache.struts2.components.Component

addAllParameters, addParameter, completeExpression, determineActionURL, determineNamespace, end, escapeHtmlBody, fieldError, findAncestor, findString, findString, findValue, findValue, findValue, getComponentStack, getParameters, getPerformClearTagStateForTagPoolingServers, getStack, getStandardAttributes, isAcceptableExpression, isValidTagAttribute, popComponentStack, setActionMapper, setDevMode, setEscapeHtmlBody, setNotExcludedAcceptedPatterns, setPerformClearTagStateForTagPoolingServers, setThrowExceptionsOnELFailure, setUrlHelper, stripExpression, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

async

protected String async

charset

protected String charset

defer

protected String defer

src

protected String src

type

protected String type

referrerpolicy

protected String referrerpolicy

nomodule

protected String nomodule

integrity

protected String integrity

crossorigin

protected String crossorigin

Constructor Detail

Script

public Script(ValueStack stack,
              javax.servlet.http.HttpServletRequest request,
              javax.servlet.http.HttpServletResponse response)

Method Detail

getDefaultOpenTemplate

public String getDefaultOpenTemplate()

Specified by:

getDefaultOpenTemplate in class ClosingUIBean

getDefaultTemplate

protected String getDefaultTemplate()

Description copied from class: UIBean

A contract that requires each concrete UI Tag to specify which template should be used as a default. For example, the CheckboxTab might return "checkbox.vm" while the RadioTag might return "radio.vm". This value not begin with a '/' unless you intend to make the path absolute rather than relative to the current theme.

Specified by:

getDefaultTemplate in class UIBean

Returns:

The name of the template to be used as the default.

setAsync

public void setAsync(String async)

setCharset

public void setCharset(String charset)

setDefer

public void setDefer(String defer)

setSrc

public void setSrc(String src)

setType

public void setType(String type)

setReferrerpolicy

public void setReferrerpolicy(String referrerpolicy)

setNomodule

public void setNomodule(String nomodule)

setIntegrity

public void setIntegrity(String integrity)

setCrossorigin

public void setCrossorigin(String crossorigin)

usesBody

public boolean usesBody()

Description copied from class: Component

Overwrite to set if body should be used.

Overrides:

usesBody in class Component

Returns:

always false for this component.

evaluateExtraParams

protected void evaluateExtraParams()

Overrides:

evaluateExtraParams in class UIBean