|
Emit flexible URLs
The URLs emitted by a web application should respond flexibly to changes in deployment details, and to the possible use of session IDs by the container:
- relative URLs are usually preferred, as they are insensitive to deployment details.
- JSTL's <c:url> and <c:redirect> tags are helpful, since they prepend the application context, and they also transparently rewrite the URL if necessary, by adding a session ID. Note that <c:url> is used only with relative URLs.
- URL rewriting is considered by many to be a security risk.
- The <c:url> tag doesn't escape ampersand characters. This means, unfortunately, that the URL generated by <c:url> doesn't always form a valid HTML HREF attribute. When the URL generated by <c:url> contains more than one request parameter (as in Blah.do?X=Y&A=B), some means should be used to properly escape the '&' character.
See Also :
Would you use this technique?
|