struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tamás Barta <bartata...@gmail.com>
Subject Re: OGNL expressions in headers and parameters
Date Mon, 13 Mar 2017 08:50:37 GMT
I mean I never want a http header or parameter be handled as OGNL
expression and got evaluated. I would like it to be retrieved as it is. For
security purpose.

On Mon, Mar 13, 2017 at 9:44 AM, Lukasz Lenart <lukaszlenart@apache.org>
wrote:

> 2017-03-13 9:41 GMT+01:00 Tamás Barta <bartatamas@gmail.com>:
> > Hi,
> >
> > Is there any way to disable evaluating OGNL expressions in HTTP headers
> and
> > request parameters?
>
> There is no direct evaluation of request parameters nor headers. The
> problem is that those values are often used by developers in JSPs or
> in some other places and then the evaluation happens.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message