JSP comments are a good way of explaining any complicated logic that may have arisen for whatever reason—perhaps it could be used to flag a piece of scripting code to be simplified at a later date with a custom tag. Alternatively, comments provide non-Java-speaking HTML users or web designers some clues as to what a piece of "magic" JSP code does.
JSP comments may be declared inside a JSP as follows:
<%-- This is a JSP comment --%>
Comments in JSPs get stripped out during the translation phase and aren't sent to the client as part of the response. HTML comments on the other hand, such as the one shown here, do get sent to a client's browser and any client can view the comments by using the View Source options that most modern browsers provide:
<!-- This is an HTML comment -->
The fact that JSP comments are stripped and don't form part of a client response is a good thing as it not only keeps the size of the response as small as possible thereby aiding performance, but also removes clues to a potential hacker with regards to the technology used to implement a web-based application the hacker is targeting.
There is of course no reason why JSP and HTML comments cannot work together:
<!— HTML comment generated <%= new java.util.Date() %> -->
You'll learn the meaning of this JSP expression shortly, but suffice to say the previous comment produces the following in the content returned to a client:
<!— HTML comment generated Fri Jan 03 12:37:09 GMT 2003 -->
JSP comments may be declared inside a JSP as follows:
<%-- This is a JSP comment --%>
Comments in JSPs get stripped out during the translation phase and aren't sent to the client as part of the response. HTML comments on the other hand, such as the one shown here, do get sent to a client's browser and any client can view the comments by using the View Source options that most modern browsers provide:
<!-- This is an HTML comment -->
The fact that JSP comments are stripped and don't form part of a client response is a good thing as it not only keeps the size of the response as small as possible thereby aiding performance, but also removes clues to a potential hacker with regards to the technology used to implement a web-based application the hacker is targeting.
There is of course no reason why JSP and HTML comments cannot work together:
<!— HTML comment generated <%= new java.util.Date() %> -->
You'll learn the meaning of this JSP expression shortly, but suffice to say the previous comment produces the following in the content returned to a client:
<!— HTML comment generated Fri Jan 03 12:37:09 GMT 2003 -->
No comments:
Post a Comment