Hi Chris! They can upload them using javascript file manager
Totally rejecting scripting seems to be more robust solution Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Kazukin, > > kazukin6 wrote: >> And yes, for us it' not possible to give users to change only parts of >> jsp's >> and deny execution of these parts based on some credential assessments >> executed during some <if checkAccess> tags > > How do your users submit updated JSP files? Do you have the opportunity > to scan them before installation? If so, why not simply reject anything > containing "<[EMAIL PROTECTED]"? > > - -chris > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkjQJV4ACgkQ9CaO5/Lv0PCNOACgu+CaPCGqYX+0t1jhPJhDRZ/K > b88An1s5lPVnO1xiU2WiBljlYbTC+tZd > =AN9/ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19527565.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
