struts-dev mailing list archives

From "Aram Mkhitaryan" <>
Subject Re: Preventing OGNL evaluations of user input (was Re: Struts 2 performance)
Date Tue, 17 Jul 2007 05:33:26 GMT
I mean, if I have myOgnlExpression (%{'property'+2}) in the value stack,
according to the latest changes %{myOgnlExpression} will print
but what if that expression is not client-side defined, but site
administrator/developer defined, and it should be executed???
But if we have %{eval(myOgnlExpression)}, it may print, for example, "welcome
to ..." (the value of property2).

Aram Mkhitaryan

52, 25 Lvovyan, Yerevan 375000, Armenia

Mobile: +374 91 518456
