struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: OGNL expressions in headers and parameters
Date Mon, 13 Mar 2017 09:11:02 GMT
2017-03-13 9:50 GMT+01:00 Tamás Barta <bartatamas@gmail.com>:
> I mean I never want a http header or parameter be handled as OGNL
> expression and got evaluated. I would like it to be retrieved as it is. For
> security purpose.

As I said, Struts doesn't evaluate incoming params as OGNL
expressions, but when you use such param in a JSP, it will be
evaluated.

<s:property name="%{#request.someParam}"/>

The same can happen in ActionSupport#getText() but this is out of
Struts control.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message