- Your JSP page should be valid XML
- Avoid Scriptlets and JSP directives <% ... %>
- Use ${fn:escapeXml(...)} frequently, even if you know the data is safe
- Use <c:url> tag properly, including it's nested <c:param> tag so that URLs are properly encoded.
- Do not put your URL parameters within the <c:url> tag, put them in nested <c:param> tags.
- Use the proper and most recent standard JSTL taglibs. Globally replace all old JSTL taglib declarations so you don't have a mix of them floating around.
- Don't store your own copy of the standard JSTL tld files, they will inevitably end up out of sync with the JAR file you are using.
- Validate the rendered HTML content
- Open your JSP page in an XML editor to validate it
- Differences between <% include %>, <js:include>, and <c:import>
- Page scope for <c:forEach> tag variables and how to pass them to included or imported pages
- Parameterizing include/imported JSP fragments
- Naming standards for JSP page and fragments
- Using a main page template
- Using value objects so JSP fragments can be reused
- Precompile your JSPs
About Me
Wednesday, April 1, 2009
JSP Best Practices
I'm thinking of giving a talk on JSP best practices. We recently had a couple developers give an excellent talk on CSS and best practices and many of the concepts have corollaries in the underlying JSP rendering of a page. So I thought I start to gather some thoughts in this blog posting:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment