tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Disable java code execution <%blabla%> in jsp, but permits tags
Date Sat, 13 Sep 2008 22:15:05 GMT

use ths struts if tag to conditionally disable the code
<%@ taglib prefix="s" uri="/struts-tags"%>

<s:if test="%{false}">
    <div>Will Not Be Executed</div>
</s:if>

http://struts.apache.org/2.0.11.2/docs/if.html
datorită struts
Martin 
______________________________________________ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business of Sender.
This transmission is of a confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not necessarily endorse content contained
within this transmission. 


> Date: Sat, 13 Sep 2008 08:58:59 -0700
> From: coolwhiff@mail.ru
> To: users@tomcat.apache.org
> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits tags
> 
> 
> We want them to be able to customize information they get from our system by
> using custom tags
> 
> 
> H. Hall wrote:
> > 
> > kazukin6 wrote:
> >> Plz Help !!
> >> Is it possible to disable all java code execution within jsp page (by
> >> security manager or something)
> >> but allow custom tags to be executed?
> >>
> >> The problem is that the users can change jsp files, and due to security
> >> reasons we can allow them to use only tags 
> >>   
> > Why are users allowed to change jsp files?
> > 
> > HH
> > 
> > 
> > 
> > -- 
> > H. Hall
> > ReedyRiver Group LLC
> > http://www.reedyriver.com
> > 
> > 
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> > 
> > 
> > 
> 
> -- 
> View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

_________________________________________________________________
Get more out of the Web. Learn 10 hidden secrets of Windows Live.
http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message