Hi, Martin
Thanks for the answer
I see, what you mean, but the problem is slightly different
The matter is that our users can change jsp files whatever they like via
administrative interface, so we want to restrict the use of scriplets in
these jsp's because of possible abuses
Bill Barker-2 provided the comprehensive answer to this problem
mgainty wrote:
>
>
> use ths struts if tag to conditionally disable the code
> <%@ taglib prefix="s" uri="/struts-tags"%>
>
> <s:if test="%{false}">
> <div>Will Not Be Executed</div>
> </s:if>
>
> http://struts.apache.org/2.0.11.2/docs/if.html
> datorită struts
> Martin
> ______________________________________________
> Disclaimer and confidentiality note
> Everything in this e-mail and any attachments relates to the official
> business of Sender. This transmission is of a confidential nature and
> Sender does not endorse distribution to any party other than intended
> recipient. Sender does not necessarily endorse content contained within
> this transmission.
>
>
>> Date: Sat, 13 Sep 2008 08:58:59 -0700
>> From: [EMAIL PROTECTED]
>> To: users@tomcat.apache.org
>> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits
>> tags
>>
>>
>> We want them to be able to customize information they get from our system
>> by
>> using custom tags
>>
>>
>> H. Hall wrote:
>> >
>> > kazukin6 wrote:
>> >> Plz Help !!
>> >> Is it possible to disable all java code execution within jsp page (by
>> >> security manager or something)
>> >> but allow custom tags to be executed?
>> >>
>> >> The problem is that the users can change jsp files, and due to
>> security
>> >> reasons we can allow them to use only tags
>> >>
>> > Why are users allowed to change jsp files?
>> >
>> > HH
>> >
>> >
>> >
>> > --
>> > H. Hall
>> > ReedyRiver Group LLC
>> > http://www.reedyriver.com
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
> _________________________________________________________________
> Get more out of the Web. Learn 10 hidden secrets of Windows Live.
> http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
>
--
View this message in context:
http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476209.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
