Package org.apache.struts2.components
Class Script
java.lang.Object
org.apache.struts2.components.Component
org.apache.struts2.components.UIBean
org.apache.struts2.components.ClosingUIBean
org.apache.struts2.components.Script
Add nonce propagation feature to implement CSP in script tags
The script tag allows the user to execute JavaScript. It also allows external resources to execute scripts which can be malicious. The s:script tag includes a nonce attribute that is being randomly generated with each request and only allows scripts with the valid nonce value to be executed.
Examples
<s:script ... />
- 
Field SummaryFieldsModifier and TypeFieldDescriptionprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected StringFields inherited from class org.apache.struts2.components.UIBeanaccesskey, ATTR_FIELD_VALUE, ATTR_NAME_VALUE, ATTR_VALUE, cssClass, cssErrorClass, cssErrorStyle, cssStyle, defaultTemplateDir, defaultUITheme, disabled, dynamicAttributes, errorPosition, id, javascriptTooltip, key, label, labelPosition, labelSeparator, name, onblur, onchange, onclick, ondblclick, onfocus, onkeydown, onkeypress, onkeyup, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onselect, request, requiredLabel, requiredPosition, response, tabindex, template, templateDir, templateEngineManager, templateSuffix, theme, title, tooltip, tooltipConfig, tooltipCssClass, tooltipDelay, tooltipIconPath, uiStaticContentPath, uiThemeExpansionToken, valueFields inherited from class org.apache.struts2.components.ComponentactionMapper, attributes, COMPONENT_STACK, devMode, escapeHtmlBody, performClearTagStateForTagPoolingServers, stack, standardAttributesMap, throwExceptionOnELFailure
- 
Constructor SummaryConstructorsConstructorDescriptionScript(ValueStack stack, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) 
- 
Method SummaryModifier and TypeMethodDescriptionprotected voidprotected StringA contract that requires each concrete UI Tag to specify which template should be used as a default.voidvoidsetCharset(String charset) voidsetCrossorigin(String crossorigin) voidvoidsetIntegrity(String integrity) voidsetNomodule(String nomodule) voidsetReferrerpolicy(String referrerpolicy) voidvoidbooleanusesBody()Overwrite to set if body should be used.Methods inherited from class org.apache.struts2.components.ClosingUIBeansetOpenTemplate, startMethods inherited from class org.apache.struts2.components.UIBeanaddFormParameter, applyValueParameter, buildTemplateName, copyAttributes, enableAncestorFormCustomOnsubmit, end, ensureAttributeSafelyNotEscaped, escape, evaluateNameValue, evaluateParams, getId, getTemplate, getTemplateDir, getTheme, getTooltipConfig, getValueClassType, lazyEvaluation, mergeTemplate, populateComponentHtmlId, setAccesskey, setCssClass, setCssErrorClass, setCssErrorStyle, setCssStyle, setDefaultTemplateDir, setDefaultUITheme, setDisabled, setDynamicAttributes, setErrorPosition, setId, setJavascriptTooltip, setKey, setLabel, setLabelPosition, setLabelSeparator, setName, setOnblur, setOnchange, setOnclick, setOndblclick, setOnfocus, setOnkeydown, setOnkeypress, setOnkeyup, setOnmousedown, setOnmousemove, setOnmouseout, setOnmouseover, setOnmouseup, setOnselect, setRequiredLabel, setRequiredPosition, setStaticContentPath, setStyle, setTabindex, setTemplate, setTemplateDir, setTemplateEngineManager, setTheme, setTitle, setTooltip, setTooltipConfig, setTooltipCssClass, setTooltipDelay, setTooltipIconPath, setUIThemeExpansionToken, setValueMethods inherited from class org.apache.struts2.components.ComponentaddAllAttributes, addParameter, completeExpression, determineActionURL, determineNamespace, end, escapeHtmlBody, fieldError, findAncestor, findString, findString, findValue, findValue, findValue, getAttributes, getComponentStack, getNamespace, getPerformClearTagStateForTagPoolingServers, getStack, getStandardAttributes, isAcceptableExpression, isValidTagAttribute, popComponentStack, setActionMapper, setDevMode, setEscapeHtmlBody, setNotExcludedAcceptedPatterns, setPerformClearTagStateForTagPoolingServers, setThrowExceptionsOnELFailure, setUrlHelper, stripExpression, toString
- 
Field Details- 
async
- 
charset
- 
defer
- 
src
- 
type
- 
referrerpolicy
- 
nomodule
- 
integrity
- 
crossorigin
 
- 
- 
Constructor Details- 
Scriptpublic Script(ValueStack stack, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) 
 
- 
- 
Method Details- 
getDefaultOpenTemplate- Specified by:
- getDefaultOpenTemplatein class- ClosingUIBean
 
- 
getDefaultTemplateDescription copied from class:UIBeanA contract that requires each concrete UI Tag to specify which template should be used as a default. For example, the CheckboxTab might return "checkbox.vm" while the RadioTag might return "radio.vm". This value not begin with a '/' unless you intend to make the path absolute rather than relative to the current theme.- Specified by:
- getDefaultTemplatein class- UIBean
- Returns:
- The name of the template to be used as the default.
 
- 
setAsync
- 
setCharset
- 
setDefer
- 
setSrc
- 
setType
- 
setReferrerpolicy
- 
setNomodule
- 
setIntegrity
- 
setCrossorigin
- 
usesBodypublic boolean usesBody()Description copied from class:ComponentOverwrite to set if body should be used.
- 
evaluateExtraParamsprotected void evaluateExtraParams()- Overrides:
- evaluateExtraParamsin class- UIBean
 
 
-