Tangential, but I’d consider wrapping up long OGNL excursions somewhere else besides the view layer.
em: davelnew...@gmail.com mo: 908-380-8699 gh: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton> On Fri, May 9, 2025 at 17:27 Deborah White <deborah.wh...@doj.ca.gov.invalid> wrote: > That took care of that one. Now I have this: > 14:23:09,654 ERROR [org.apache.struts2.ognl.OgnlValueStack] (default > task-1) Could not evaluate this expression due to security constraints: > [#request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor")]: ognl.OgnlException: > Parsing blocked due to security reasons! [java.lang.SecurityException: This > expression exceeded maximum allowed length: > #request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor")] > Caused by: java.lang.SecurityException: This expression exceeded maximum > allowed length: #request["MYUtils"].isUserInRole("Program_Manager") || > #request["MYUtils"].isUserInRole("Audit_Supervisor") || > #request["MYUtils"].isUserInRole("Audit_Staff") || > #request["MYUtils"].isUserInRole("Level_1_Processor") || > #request["MYUtils"].isUserInRole("Level_2_Processor") || > #request["MYUtils"].isUserInRole("Level_3_Processor") > -----Original Message----- > From: Wolfgang Knauf <wolfgang.kn...@gmx.de.INVALID> > Sent: Friday, May 9, 2025 12:46 PM > To: user@struts.apache.org > Subject: Re: Struts 7 problem > > EXTERNAL EMAIL: This message was sent from outside DOJ. Please do not > click links or open attachments that appear suspicious. > > > Hi Deborah, > > could be a matter of casing - the attribute is "escapeHtml": > > https://urldefense.proofpoint.com/v2/url?u=https-3A__struts.apache.org_tag-2Ddevelopers_property-2Dtag.html&d=DwIFaQ&c=uASjV29gZuJt5_5J5CPRuQ&r=nKDP-dawHhLZnXgTPWFen5qvRPMWAdYO6bsGXhaJOzk&m=aXgukS-NkcL78Ng5156UQDZ1fKg7z3s0u-KxFyK8W8_IIC6p6Xajb4cncqEYoZao&s=neyEKqpoeWVLnnm_nLLFQXpVYotkMnjLQGVy7BeloeY&e= > > Does this help? > > Wolfgang > > Am 09.05.25 um 20:15 schrieb Deborah White: > > I am getting this error after migrating to Struts 7.0.0. > > > > JBWEB004251: An error occurred at line: 5 column: 57) JBWEB004197: > Attribute escape invalid for tag property according to TLD > > > > I have found maybe related to this <s:property escape="false" />"? > > > > I tried changing to escapeHTML but that didn't seem to work. > > > > Any ideas? > > > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > confidential and/or legally privileged information. It is solely for the > use of the intended recipient(s). Unauthorized interception, review, use or > disclosure is prohibited and may violate applicable laws including the > Electronic Communications Privacy Act. If you are not the intended > recipient, please contact the sender and destroy all copies of the > communication. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > confidential and/or legally privileged information. It is solely for the > use of the intended recipient(s). Unauthorized interception, review, use or > disclosure is prohibited and may violate applicable laws including the > Electronic Communications Privacy Act. If you are not the intended > recipient, please contact the sender and destroy all copies of the > communication. >
