Using GSP views in plain Spring MVC without Grails

Question

I would like to use GSP views instead of JSP/JSTL views in a plain old Spring MVC application. I have added a groovy.servlet.TemplateServlet to web.xml like this:

<servlet>
    <servlet-name>GroovyTemplate</servlet-name>
    <servlet-class>groovy.servlet.TemplateServlet</servlet-class>
    <init-param>
            <param-name>template.engine</param-name>
            <param-value>groovy.text.GStringTemplateEngine</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>GroovyTemplate</servlet-name>
    <url-pattern>*.gsp</url-pattern>
</servlet-mapping>

And setup a Spring InternalResourceViewResolver to load the GPS files. Upto this point it all works fine, but to expose the values in the Model to the template I had to do some tricks (subclassing TemplateServlet and adding them to the ServletBinding).

Now my next obstacle is that JSTL by default escapes XML when using the c:out tag and Grails has the notion of codecs to automatically escape values used in a GSP. The template method described above does not escape by default, which requires the developers to be very careful to avoid XSS vulnerabilities.

Is there another (better) way to use GSP including automatic escaping in a plain Spring MVC application without using Grails?

Answer 1

Today GSP for Spring Boot was just released. This provides the ability to use GSP instead of JSP in a regular Spring web application. You can see an example here: https://github.com/grails/grails-boot/blob/master/sample-apps/gsp/script/templates/index.gsp