struts-dev mailing list archives

From "Aram Mkhitaryan" <aram.mkhitar...@googlemail.com>
Subject Re: Preventing OGNL evaluations of user input (was Re: Struts 2 performance)
Date Tue, 17 Jul 2007 05:33:26 GMT
I mean if I have myOgnlExpression(%{'property'+2}) in value stack,

according to the latest changes %{myOgnlExpression} will print
"%{'property'+2}"
but what if that expression is not client-side defined, but site
administrator/developer defined and it should be executed???
but if we have %{eval(myOgnlExpression)} it may print for example "welcome
to ..." (the value of property2)

Best,
Aram
________________________________
Aram Mkhitaryan

52, 25 Lvovyan, Yerevan 375000, Armenia

Mobile: +374 91 518456
E-mail: aram.mkhitaryan@googlemail.com
