2010/8/12 Thomas Treitlinger <ttreitlin...@gmail.com>:
> Hello,
>
> I have a number of JSP pages which use the JSTL core library to set a
> request attribute like this:
> <c:set var="foo" scope="request" >FOO-VALUE</c:set>
>
> The JSPs then forward to a Servlet like this:
> <jsp:forward page="/request.go" />
>
> The Servlet later invokes
> String s = (String) request.getAttribute("foo")
>Maybe somebody calls your page directly? The usual solution to avoid that is to move the page into WEB-INF directory. You can <jsp:forward page="/WEB-INF/_jsp/request.go" />, but nobody can call it directly. Also there is one more possible catch: if 'c:' prefix is not associated with a taglib, <c:set will be rendered as text, without invoking the tag library. Maybe the jsp or other file was corrupted somehow? > The application was running in Tomcat 5.5.23 (Linux/Slackware) I wonder if you can upgrade to a later version. I usually mention this page: http://tomcat.apache.org/security-5.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
