I mean I never want a http header or parameter be handled as OGNL expression and got evaluated. I would like it to be retrieved as it is. For security purpose.
On Mon, Mar 13, 2017 at 9:44 AM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2017-03-13 9:41 GMT+01:00 Tamás Barta <bartata...@gmail.com>: > > Hi, > > > > Is there any way to disable evaluating OGNL expressions in HTTP headers > and > > request parameters? > > There is no direct evaluation of request parameters nor headers. The > problem is that those values are often used by developers in JSPs or > in some other places and then the evaluation happens. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
