infinite recursion

[Denis <br...@mac.com>]

Hello,

What happens if I put a tool in the context to evaluate Velocity 
strings and some clever user tries to use it that way:

#set( $x = '$vel.eval($x)' )
$vel.eval($x)

?

Cheers,
-- Denis.


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org

Re: infinite recursion

[Ch...@dlr.de]

You get an StackOverflowError Exception (Throwable) in your
application. If memory was a limiting factor, it could affect
other parts of the application (e.g. Thread death). Otherwise
everything coninues as usual.

Also see:
http://forum.java.sun.com/thread.jsp?forum=27&thread=187774

A StackOverflow is not as bad as an OutOfMemory due to page designer
or application errors, e.g.:
   #set( $size = 1000000000 )
   #foreach( $i in [1..$size] )<li>$i</li>#end
which would allocate an array with a million slots containing
incrementing numbers. Please note that the size could result
from a context variable supplied by the application. OutOfMemory
exceptions could lead to more harsh death of an application (or
parts of it, e.g. some threads) that will not recuperate.

Greetings,
Christoph

Denis wrote:
> Hello,
> 
> What happens if I put a tool in the context to evaluate Velocity strings 
> and some clever user tries to use it that way:
> 
> #set( $x = '$vel.eval($x)' )
> $vel.eval($x)
> 
> ?
> 
> Cheers,
> -- Denis.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-user-help@jakarta.apache.org
> 
> 

-- 
:) Christoph Reck


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org