How to disable scripting elements in JSP pages?

With the introduction of Expression Language in JSP 2.0 it is recommended to use the EL instead of using a scripting elements / scriptlets. That means if we want to access a server-side objects it is recommended to use EL then to write some Java codes in the JSP pages.

For this purpose in JSP 2.0 we are given a feature to disable the scripting elements by defining a scripting-invalid element within the <jsp-property-group> in the deployment descriptor / web.xml file.

Here is the JSP configuration that you need to add in the web.xml file:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>JSP Examples</display-name>

    <jsp-config>
        <jsp-property-group>
            <url-pattern>*.jsp</url-pattern>
            <scripting-invalid>true</scripting-invalid>
        </jsp-property-group>
    </jsp-config>
</web-app>

When you try to request a JSP page that have a scripting elements in, it will give you an error message like this:

HTTP Status 500 - /sessionWriteRead.jsp (line: 10, column: 2) Scripting elements ( <%!, <jsp:declaration, <%=, <jsp:expression, <%, <jsp:scriptlet ) are disallowed here.

Wayan Saryada

Wayan Saryada

A programmer, runner, recreational diver, currently living in the island of Bali, Indonesia. Mostly programming in Java, creating web based application with Spring Framework, JPA, etc. If you need help on Java programming you can hire me on Fiverr.
Wayan Saryada

Leave a Reply