How to encode a String representing URL path with JSTL?

Asked 19/2, 2011 at 22:32 Answered 22/7, 2019 at 13:54

What is the best way to URL-encode a String representing URL path (not request parameter) with JSTL?

<c:url value="/user/${user.name}"/>

According to any documentation I find, this should take care of it. But it does not. It encodes parameters beautifully (<c:url value="/user/${user.name}"><c:param name="section" value="employment 4u so good"/></c:url>) but I'm not passing any parameters. How can I safely encode a simple URL, like above, without fear of what ${user.name} could be?

Cns answered 19/2, 2011 at 22:32 Comment(0)

The <c:url> does not encode the URI as specified in its value, but just URL request parameters which are specified by a nested <c:param>. The IBM article which you linked also doesn't tell otherwise. I think that you confused it with "URL rewriting" (which is in essence nothing more than appending the jsessionid whenever necessary). The <c:url> indeed does that as well when cookies are disabled.

To achieve your requirement, of URI-encoding the path parameters, best is to create a custom EL function which delegates to URLEncoder#encode() and alters the outcome conform URI rules.

<a href="/user/${util:encodeURI(user.name)}">view profile</a>

with

public static String encodeURI(String value) throws UnsupportedEncodingException {
    return URLEncoder.encode(value, "UTF-8")
        .replace("+", "%20")
        .replace("%21", "!")
        .replace("%27", "'")
        .replace("%28", "(")
        .replace("%29", ")")
        .replace("%7E", "~");
}

In the 2nd part of this answer you can find a basic kickoff example how to declare and register custom EL functions.

Rida answered 21/2, 2011 at 10:22 Comment(5)

Thanks, Balus C. This is what I'm currently doing. I hoped there was something built in but if this is the best way then so be it. – Cns 21/2, 2011 at 16:32

Curiously enough URLEncoder.encode() is actually not the correct way to encode a URL. It is the correct way to encode a URL parameter. It changes spaces to + for example. The correct technique is new URI(null, url, null).toASCIIString(), which for example changes spaces to %20. – Fasten 3/8, 2011 at 0:40

The question in your final link seems to have been deleted and is only viewable by 10k+ users. – Castellano 11/9, 2012 at 19:1

@Brant: it's mirrored at balusc.blogspot.com/2010/01/hidden-features-of-jspservlet.html. There's another example in this answer: #6396121 – Rida 11/9, 2012 at 19:3

Sadly I didn't find any library for encoding URL path segments, therefore easiest way is replace(). ... – Whitehot 5/7, 2016 at 12:9

I'm sure you already knew this was an alternative solution, but I decided for my particular use the most elegant solution was to use a request attribute.

So in my servlet:

req.setAttribute("myUrl", URLEncoder.encode(myUrl, "UTF-8"));

and in my JSP:

"...${myUrl}"

Judaism answered 1/7, 2011 at 15:5 Comment(1)

This is incorrect. See EJP's comment. – Whitehot 5/7, 2016 at 10:36

you could use the jakarta String TagLib, which has a encodeUrl tag: http://jakarta.apache.org/taglibs/doc/string-doc/string-1.1.0/index.html#encodeUrl

Follow these steps to configure your web application with this tag library:

Copy the tag library descriptor file to the /WEB-INF subdirectory of your web application.
Copy the tag library JAR file to the /WEB-INF/lib subdirectory of your web application.
Add a element to your web application deployment descriptor in /WEB-INF/web.xml as said in the above link

To use the tags from this library in your JSP pages, add the following directive at the top of each page:

below is the example of usage in jsp:

<a href="str:decodeUrl>${URL}</str:decodeUrl)"/>

Penury answered 14/9, 2012 at 19:33 Comment(1)

There's a big red warning box on top of all Jakarta taglib pages which says "2010-04-14 - Jakarta Taglibs has been retired." This isn't just for decoration. You shouldn't use it anymore. – Rida 14/9, 2012 at 19:43

Keep it simple in this way:

<%= java.net.URLEncoder.encode(request.getAttribute("user.name").toString() , "UTF-8") %>

Individualist answered 20/6, 2014 at 16:31 Comment(3)

Well, this is keeping it easy, not simple. – Cns 28/6, 2014 at 18:52

For me, copy paste in the place that I need it, is simple. Easy could be use less characters. – Academic 29/6, 2014 at 19:49

This is incorrect. See EJP's comment. – Whitehot 5/7, 2016 at 10:37

The correct technique is new URI(null, url, null).toASCIIString(), which for example changes spaces to %20