applying spring:url best practices

Author: scothis

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/dataAccessFailure.jsp

@@ -14,6 +14,6 @@ ex.printStackTrace(new java.io.PrintWriter(out));
 
 <p/>
 <br/>
-<a href="<spring:url value="/welcome.do"/>">Home</a>
+<a href="<spring:url value="/welcome" escapeXml="true" />">Home</a>
 
 <%@ include file="/WEB-INF/jsp/footer.jsp" %>

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/findOwners.jsp

@@ -4,7 +4,7 @@
 <h2>Find Owners:</h2>
 
 <spring:url value="/clinic/owners" var="formUrl"/>
-<form:form modelAttribute="owner" action="${formUrl}" method="GET">
+<form:form modelAttribute="owner" action="${fn:escapeXml(formUrl)}" method="get">
   <table>
     <tr>
       <th>
@@ -20,6 +20,6 @@
 </form:form>
 
 <br/>
-<a href='<spring:url value="/clinic/owners/new"/>'>Add Owner</a>
+<a href='<spring:url value="/clinic/owners/new" escapeXml="true"/>'>Add Owner</a>
 
 <%@ include file="/WEB-INF/jsp/footer.jsp" %>

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/footer.jsp

@@ -1,8 +1,8 @@
 
   <table class="footer">
     <tr>
-      <td><a href="<spring:url value="/clinic/welcome"/>">Home</a></td>
-      <td align="right"><img src="<spring:url value="/images/springsource-logo.png"/>" alt="Sponsored by SpringSource"/></td>
+      <td><a href="<spring:url value="/clinic/welcome" escapeXml="true" />">Home</a></td>
+      <td align="right"><img src="<spring:url value="/images/springsource-logo.png" escapeXml="true" />" alt="Sponsored by SpringSource"/></td>
     </tr>
   </table>
 

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/header.jsp

@@ -5,7 +5,7 @@
 
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-  <link rel="stylesheet" href="<spring:url value="/styles/petclinic.css"/>" type="text/css"/>
+  <link rel="stylesheet" href="<spring:url value="/styles/petclinic.css" escapeXml="true" />" type="text/css"/>
   <title>PetClinic :: a Spring Framework demonstration</title>	
 </head>
 

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/includes.jsp

@@ -2,3 +2,4 @@
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/owner.jsp

@@ -24,10 +24,16 @@
   <table class="table-buttons">
     <tr>
       <td colspan="2" align="center">
-        <a href="<spring:url value="${owner.id}/edit"/>">Edit Owner</a>
+        <spring:url value="{ownerId}/edit" var="editUrl">
+        	<spring:param name="ownerId" value="${owner.id}" />
+        </spring:url>
+        <a href="${fn:escapeXml(editUrl)}">Edit Owner</a>
       </td>
       <td>
-        <a href="<spring:url value="${owner.id}/pets/new"/>">Add New Pet</a>
+        <spring:url value="{ownerId}/pets/new" var="addUrl">
+        	<spring:param name="ownerId" value="${owner.id}" />
+        </spring:url>
+        <a href="${fn:escapeXml(addUrl)}">Add New Pet</a>
       </td>
     </tr>
   </table>
@@ -74,17 +80,19 @@
     <table class="table-buttons">
       <tr>
         <td>
-          <spring:url value="${owner.id}/pets/{petId}" var="petUrl">
+          <spring:url value="{ownerId}/pets/{petId}" var="petUrl">
+            <spring:param name="ownerId" value="${owner.id}"/>
             <spring:param name="petId" value="${pet.id}"/>
           </spring:url>
-          <a href="${petUrl}">Edit Pet</a>
+          <a href="${fn:escapeXml(petUrl)}">Edit Pet</a>
         </td>
         <td></td>
         <td>
-          <spring:url value="${owner.id}/pets/{petId}/visits/new" var="visitUrl">
+          <spring:url value="{ownerId}/pets/{petId}/visits/new" var="visitUrl">
+            <spring:param name="ownerId" value="${owner.id}"/>
             <spring:param name="petId" value="${pet.id}"/>
           </spring:url>
-          <a href="${visitUrl}">Add Visit</a>
+          <a href="${fn:escapeXml(visitUrl)}">Add Visit</a>
         </td>
       </tr>
     </table>

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/owners.jsp

@@ -19,7 +19,7 @@
           <spring:url value="owners/{ownerId}" var="ownerUrl">
               <spring:param name="ownerId" value="${owner.id}"/>
           </spring:url>
-          <a href="${ownerUrl}">${owner.firstName} ${owner.lastName}</a>
+          <a href="${fn:escapeXml(ownerUrl)}">${owner.firstName} ${owner.lastName}</a>
       </td>
       <td>${owner.address}</td>
       <td>${owner.city}</td>

org.springframework.samples.petclinic/src/main/webapp/WEB-INF/jsp/welcome.jsp

@@ -1,13 +1,13 @@
 <%@ include file="/WEB-INF/jsp/includes.jsp" %>
 <%@ include file="/WEB-INF/jsp/header.jsp" %>
 
-<img src="<spring:url value="/images/pets.png"/>" align="right" style="position:relative;right:30px;">
+<img src="<spring:url value="/images/pets.png" escapeXml="true" />" align="right" style="position:relative;right:30px;">
 <h2><fmt:message key="welcome"/></h2>
 
 <ul>
-  <li><a href="<spring:url value="/clinic/owners/form"/>">Find owner</a></li>
-  <li><a href="<spring:url value="/clinic/vets"/>">Display all veterinarians</a></li>
-  <li><a href="<spring:url value="/html/petclinic.html"/>">Tutorial</a></li>
+  <li><a href="<spring:url value="/clinic/owners/form" escapeXml="true" />">Find owner</a></li>
+  <li><a href="<spring:url value="/clinic/vets" escapeXml="true" />">Display all veterinarians</a></li>
+  <li><a href="<spring:url value="/html/petclinic.html" escapeXml="true" />">Tutorial</a></li>
 </ul>
 
 <p>&nbsp;</p>