That just sounds ridiculous. Because of the possibility of end users
injecting malicious OGNL we won't be able to use JSP expression language.

Pardon me for being blunt, but isn't the obvious solution to fix the
underlying vulnerability in OGNL rather than crippling JSP and FreeMarker
use in Struts 2?

This basically forces us to use OGNL, which I think is plain wrong.

Z. 

> You can up until Struts 2.0.9. There is a security flaw related to this though
> and you will no longer be able to do it in Struts 2.0.10.
> 
> See the following JIRA ticket for more info:
> 
> https://issues.apache.org/struts/browse/WW-2107
> 
> James
> 
> 
> On Wed Sep  5 11:31 , Néstor Boscán <[EMAIL PROTECTED]> sent:
> 
>> Hi
>> 
>> Is there a way to use the JSTL Expression Language with Struts 2 tags
>> instead of OGNL?
>> 
>> Regards,
>> 
>> Néstor Boscán
>> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
