The security problem with the earlier Struts tags was that it was a two pass
system. The Container made the first pass through, converting all the JSTL
EL references, then the Struts tags got a chance to process the OGNL. So a
clever thief could conceivably put something in the system where the
c
Thanks for your quick response, Chris. I am just trying to figure out how is
the tag in the example on
http://struts.apache.org/2.x/docs/access-to-valuestack-from-jsps.html
working. I am trying to implement a custom tag which should evaluate for
both JSTL and OGNL expressions.
Thanks.
Chris Pr
As far as #1 is concerned, you can't use JSTL EL (${}) in OGNL tags ()
any longer. That was changed quite a while ago as a security precaution.
You would have to change those to OGNL EL (%{}) for them to work.
#2 seems to be working as it should with the JSTL Tag.
#3 & #4 seems to indicate you h
3 matches
Mail list logo
