craigmcc 01/01/31 16:48:08 Modified: src/share/org/apache/struts/taglib/html BaseFieldTag.java Log: Do not redisplay the contents of a field of type , because this caused the actual value to be included in the page source of the rendered page. This could lead to security concerns, for example if the password was invalid due to a simple typo. Submitted by: Frederic Bages Revision Changes Path 1.3 +5 -5 jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java Index: BaseFieldTag.java =================================================================== RCS file: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- BaseFieldTag.java 2001/01/08 00:48:17 1.2 +++ BaseFieldTag.java 2001/02/01 00:48:07 1.3 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v 1.2 2001/01/08 00:48:17 craigmcc Exp $ - * $Revision: 1.2 $ - * $Date: 2001/01/08 00:48:17 $ + * $Header: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v 1.3 2001/02/01 00:48:07 craigmcc Exp $ + * $Revision: 1.3 $ + * $Date: 2001/02/01 00:48:07 $ * * ==================================================================== * @@ -79,7 +79,7 @@ * Convenience base class for the various input tags for text fields. * * @author Craig R. McClanahan - * @version $Revision: 1.2 $ $Date: 2001/01/08 00:48:17 $ + * @version $Revision: 1.3 $ $Date: 2001/02/01 00:48:07 $ */ public abstract class BaseFieldTag extends BaseInputTag { @@ -170,7 +170,7 @@ results.append(" value=\""); if (value != null) { results.append(BeanUtils.filter(value)); - } else { + } else if (!"password".equals(type)) { Object bean = pageContext.findAttribute(name); if (bean == null) throw new JspException