Can we use scriptlets inside Javascript?

Question

Here is my Code:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Example of Java Server Page with JDBC</title>
    </head>
<script>
function myFunction() {
    var x='<% request.getParameter("ServerName"); %>';
    alert(x);
</script>
<body>
<form>
    ServerName:  <input type="text" name="ServerName"   required> <br><br>
<input type="submit" id="btnSubmit" name="btnSubmit" />
            </div>
            </form>
  </body>
</html>

Here in the above function onclick of a button i want to execute the scriptlets which is inside javascript?

You shoud avoid scriptlet in jsp. Use [EL](https://docs.oracle.com/javaee/6/tutorial/doc/gjddd.html) or [JSTL](http://docs.oracle.com/javaee/5/tutorial/doc/bnakc.html) — Vinoth Krishnan, Jul 31 '15 at 05:06
Thanks for your suggestion vinoth but i would like to give it a try. — srikanth r, Jul 31 '15 at 05:30

score 1 · Answer 1 · answered Jul 31 '15 at 14:30

you can also use this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*"%>
<%
String ServerName = (String)request.getParameter("ServerName");
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Example of Java Server Page with JDBC</title>
    </head>
<script>
function myFunction() {
    var x='<%=ServerName%>';
    alert(x);
</script>
<body>

    ServerName:  <input type="text" name="ServerName"   required> <br><br>
<input type="submit" id="btnSubmit" name="btnSubmit" />
            </div>
            </form>
  </body>
</html>

score 1 · Answer 2 · answered Jul 31 '15 at 14:35

1

You can, but if you want the result to be passed to the JavaScript you have to output something.

var x='<%= request.getParameter("ServerName"); %>';
         ^ output!

… and unless you take measures to escape that data, you render yourself vulnerable to XSS attacks.

(And, obviously, this won't work until the form is actually submitted)

answered Jul 31 '15 at 14:35

Quentin

914,110
126
1,211
1,335

@srikanthr — What more detail do you need? It's a basic concept and a one character fix which I highlighted for you in the answer. – Quentin Aug 11 '15 at 12:34

Can we use scriptlets inside Javascript?

2 Answers2