tomcat-users mailing list archives

From kazukin6 <coolwh...@mail.ru>
Subject The question is answered. See Bill Barker-2 answer
Date Sun, 14 Sep 2008 00:32:54 GMT

Hi, Martin
Thanks for the answer
I see what you mean, but the problem is slightly different

The matter is that our users can change jsp files whatever they like via
administrative interface, so we want to restrict the use of scriptlets in
these jsp's because of possible abuses

Bill Barker-2 provided the comprehensive answer to this problem


mgainty wrote:
> 
> 
> Use the Struts if tag to conditionally disable the code
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> <s:if test="%{false}">
>     <div>Will Not Be Executed</div>
> </s:if>
> 
> http://struts.apache.org/2.0.11.2/docs/if.html
> thanks to struts
> Martin 
> 
>> Date: Sat, 13 Sep 2008 08:58:59 -0700
>> From: coolwhiff@mail.ru
>> To: users@tomcat.apache.org
>> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits
>> tags
>> 
>> 
>> We want them to be able to customize information they get from our system
>> by using custom tags
>> 
>> 
>> H. Hall wrote:
>> > 
>> > kazukin6 wrote:
>> >> Plz Help !!
>> >> Is it possible to disable all java code execution within jsp page (by
>> >> security manager or something)
>> >> but allow custom tags to be executed?
>> >>
>> >> The problem is that the users can change jsp files, and due to security
>> >> reasons we can allow them to use only tags
>> >>   
>> > Why are users allowed to change jsp files?
>> > 
>> > HH
>> > 
>> > 
>> > 
>> > -- 
>> > H. Hall
>> > ReedyRiver Group LLC
>> > http://www.reedyriver.com
>> > 
>> > 
>> > ---------------------------------------------------------------------
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
>> > 
>> > 
>> > 
>> 
>> -- 
>> View this message in context:
>> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
> 

-- 
View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476209.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
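
The JSP 2.0 deployment descriptor has a setting for the restriction asked about in this thread: scripting elements rejected, custom tags still allowed. The fragment below is an added example, not text from any message here (the Bill Barker-2 answer referred to above is not reproduced on this page); the `*.jsp` URL pattern is an assumption about where the user-editable pages live.

```xml
<!-- WEB-INF/web.xml, Servlet 2.4 / JSP 2.0 descriptor (added example) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <jsp-config>
    <jsp-property-group>
      <!-- Assumed pattern: must match every page users are able to edit -->
      <url-pattern>*.jsp</url-pattern>
      <!-- Scriptlets, scripting expressions and declarations become
           translation-time errors; custom tags and EL are unaffected -->
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-group>
  </jsp-config>
</web-app>
```

With this in place a page containing `<% ... %>`, `<%= ... %>` or `<%! ... %>` fails at translation time, while custom tags still compile. The restriction applies only to paths the pattern matches, so it has to cover every location and extension the administrative interface can write to.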

