commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 30298] - evaluate xpath expressions in functions
Date Tue, 03 Aug 2004 13:33:41 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30298>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30298

evaluate xpath expressions in functions





------- Additional Comments From dmitri@plotnix.com  2004-08-03 13:33 -------
Oh, yeah. That makes sense.  The reason the behavior of JXPath has changed is 
this: a few people requested a way to _disable_ the default PackageFunctions, 
because they presented a security problem. In some uses of JXPath, the XPath 
expressions are coming over an internet connection and therefore can be 
maliciously altered by a hacker.  For example, the hacker may send something 
like "java.lang.System.exit(1)". For this reason, folks wanted more control 
over which functions could be called from an expression.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message