struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <>
Subject Re: OGNL expressions in headers and parameters
Date Mon, 13 Mar 2017 09:11:02 GMT
2017-03-13 9:50 GMT+01:00 Tamás Barta <>:
> I mean I never want a http header or parameter be handled as OGNL
> expression and got evaluated. I would like it to be retrieved as it is. For
> security purpose.

As I said, Struts doesn't evaluate incoming params as OGNL
expressions, but when you use such param in a JSP, it will be

<s:property name="%{#request.someParam}"/>

The same can happen in ActionSupport#getText() but this is out of
Struts control.

+ 48 606 323 122

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message