2

Our application explicitly disables JSP scriplets in our web.xml:

<jsp-config>
    <jsp-property-group>
        <url-pattern>*.jsp</url-pattern>
        <scripting-invalid>true</scripting-invalid>
        <is-xml>true</is-xml>
        <default-content-type>text/html; charset=UTF-8</default-content-type>
        <error-on-undeclared-namespace>true</error-on-undeclared-namespace>
    </jsp-property-group>
</jsp-config>

One feature of scriptlets I really found useful was the ability to use scriplet comments which weren't rendered to the client. This allowed useful comments in the JSP code without exposing potentially sensitive information in bog standard HTML comments.

Can I replicate the functionality/purpose of JSP scriplet comments using JSTL (or other method)? E.g.

<%-- This comment won't be rendered to the client HTML --%>

EDIT:

Looks like the reason is that we have the 'isXml' flag set to true (see above edited jsp-config) and JSP comments aren't XML valid and so are rejected by the XML parser prior to JSP compilation.

Exception as follows when attempting to use JSP comments:

 [Exception] org.xml.sax.SAXParseException; lineNumber: 86; columnNumber: 6; The content of elements must consist of well-formed character data or markup.
Chris Knight
  • 24,333
  • 24
  • 88
  • 134
  • http://stackoverflow.com/questions/3914099/possible-to-comment-out-jstl-code – rickz Oct 25 '15 at 15:09
  • I just did some testing. I didn't have a problem. What you call "scriplet comments" are really just JSP comments. – rickz Oct 25 '15 at 15:41
  • Thanks @rickz. Think I've pinned down the problem a bit more (edits above). See also [http://stackoverflow.com/questions/3022015/how-to-comment-in-jspx-page](http://stackoverflow.com/questions/3022015/how-to-comment-in-jspx-page), though ours are standard jsp and not jspx pages (not sure the difference). – Chris Knight Oct 25 '15 at 16:58
  • Look at http://stackoverflow.com/questions/28235/should-i-be-doing-jspx-instead-of-jsp – rickz Oct 25 '15 at 17:05

0 Answers0