You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by GitBox <gi...@apache.org> on 2021/04/27 06:30:29 UTC

[GitHub] [struts] yasserzamani commented on pull request #483: fix double evaluations...

yasserzamani commented on pull request #483:
URL: https://github.com/apache/struts/pull/483#issuecomment-827349385


   Thanks for your review @aleksandr-m ! Yes I think it will work. Assume `<s:sometag someAttr="someComplexExp"...`. I don't disturb the evaluation of `someComplexExp` at all. It will be evaluated as before. But once evaluated for first time, if it's going to go for another evaluation for second time, then I check and validate it again against accepted/excluded patterns. I know it might limit developer in some special not-usual usages but I have to do so if I want to reduce the risk of end-user raw data evaluation by mistake. Furthermore developer always can change her/his design if this breaks it.
   
   For example, I think in your case, in first evaluation we will have e.g. `id->itemId2` and `key->items[2].name` where both will pass accepted/excluded patterns if they are needed to be re-evaluated.
   
   I'll add corresponding test:+1:thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org