struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maurizio Cucchiara (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4073) Disable eval expressions and simple JSTL accessibility
Date Sat, 08 Jun 2013 20:54:20 GMT

    [ https://issues.apache.org/jira/browse/WW-4073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13678851#comment-13678851
] 

Maurizio Cucchiara commented on WW-4073:
----------------------------------------

Hi [~johno],
the patch is good for me and well justified, what don't fully convinced me is the name of
the constant "disableJstlAccessibility". Actually, your patch disables the ValueStack lookup
of the request attributes.
                
> Disable eval expressions and simple JSTL accessibility
> ------------------------------------------------------
>
>                 Key: WW-4073
>                 URL: https://issues.apache.org/jira/browse/WW-4073
>             Project: Struts 2
>          Issue Type: New Feature
>    Affects Versions: 2.3.14
>            Reporter: Johno Crawford
>             Fix For: 2.3.15
>
>         Attachments: disable_simple_jstl_accessibility.patch, StrutsRequestWrapperDisablingInterceptor.java
>
>
> afaik the simple JSTL accessibility is used only in jsp. Currently we have a hacky interceptor
to disable it (see attached), would be nice if it were an option.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message