cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobia Conforto <>
Subject Re: Doing string operations over sitemap values
Date Thu, 14 Feb 2008 12:42:35 GMT
Nacho ( wrote:
> * I have this URL "http://localhost:8080/b/menores-de-edad"
> * In sitemap i have a match like "b/**"
> * I need to do replace "-" in {1} to spaces
> * I do this using an input module inheriting from  
> AbstractJXPathModule, and using a xpath like expression,  
> "{request:translate('{1}','-','')}"

I would write a custom input module that can be called safely like this:
"{translate:-: :{1}}"
It can be implemented using basic java.lang.String methods.

I think your solution doesn't quote the argument correctly and is  
susceptible to "JX code injection" or other problems.
For example the user might go to: http://localhost:8080/b/hello',,'world
If I'm not mistaken, the ' after hello would close the Jx string and  
damage would ensue.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message