(Quick Reference)

2 GSP Basics

Version: 7.0.0-M1

2 GSP Basics

In the next view sections we’ll go through the basics of GSP and what is available to you. First off let’s cover some basic syntax that users of JSP and ASP should be familiar with.

GSP supports the usage of <% %> scriptlet blocks to embed Groovy code (again this is discouraged):

<html>
   <body>
     <% out << "Hello GSP!" %>
   </body>
</html>

You can also use the <%= %> syntax to output values:

<html>
   <body>
     <%="Hello GSP!" %>
   </body>
</html>

GSP also supports JSP-style server-side comments (which are not rendered in the HTML response) as the following example demonstrates:

<html>
   <body>
     <%-- This is my comment --%>
     <%="Hello GSP!" %>
   </body>
</html>
Warning Embedding data received from user input has the risk of making your application vulnerable to an Cross Site Scripting (XSS) attack. Please read the documentation on {grailsdocs}guide/security.html#xssPrevention[XSS prevention] for information on how to prevent XSS attacks.

2.1 Variables and Scopes

Within the <% %> brackets you can declare variables:

<% now = new Date() %>

and then access those variables later in the page:

<%=now%>

Within the scope of a GSP there are a number of pre-defined variables, including:

  • application - The {javaee}javax/servlet/ServletContext.html[javax.servlet.ServletContext] instance

  • applicationContext The Spring {springapi}org/springframework/context/ApplicationContext.html[ApplicationContext] instance

  • flash - The {controllersRef}/flash.html[flash] object

  • grailsApplication - The {grailsapi}grails/core/GrailsApplication.html[GrailsApplication] instance

  • out - The response writer for writing to the output stream

  • params - The {controllersRef}/params.html[params] object for retrieving request parameters

  • request - The {javaee}javax/servlet/http/HttpServletRequest.html[HttpServletRequest] instance

  • response - The {javaee}javax/servlet/http/HttpServletResponse.html[HttpServletResponse] instance

  • session - The {javaee}javax/servlet/http/HttpSession.html[HttpSession] instance

  • webRequest - The {grailsapi}org/grails/web/servlet/mvc/GrailsWebRequest.html[GrailsWebRequest] instance

2.2 Logic and Iteration

Using the <% %> syntax you can embed loops and so on using this syntax:

<html>
   <body>
      <% [1,2,3,4].each { num -> %>
         <p><%="Hello ${num}!" %></p>
      <%}%>
   </body>
</html>

As well as logical branching:

<html>
   <body>
      <% if (params.hello == 'true')%>
      <%="Hello!"%>
      <% else %>
      <%="Goodbye!"%>
   </body>
</html>

2.3 Page Directives

GSP also supports a few JSP-style page directives.

The import directive lets you import classes into the page. However, it is rarely needed due to Groovy’s default imports and GSP Tags:

<%@ page import="java.awt.*" %>

Separate imports with semicolons ;. As a convention, you should split larger number of imports into separate lines to improve readability, which requires adding backslash \ at the end of each line:

<%@ page import="java.awt.*; \
your.custom.ComponentA; \
your.custom.ComponentB;"
%>

GSP also supports the contentType directive:

<%@ page contentType="application/json" %>

The contentType directive allows using GSP to render other formats.

2.4 Expressions

In GSP the <%= %> syntax introduced earlier is rarely used due to the support for GSP expressions. A GSP expression is similar to a JSP EL expression or a Groovy GString and takes the form ${expr}:

<html>
  <body>
    Hello ${params.name}
  </body>
</html>

However, unlike JSP EL you can have any Groovy expression within the ${..} block.

Warning Embedding data received from user input has the risk of making your application vulnerable to a Cross Site Scripting (XSS) attack. Please read the documentation on {grailsdocs}guide/security.html#xssPrevention[XSS prevention] for information on how to prevent XSS attacks.