This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch WW-4742-no-key in repository https://gitbox.apache.org/repos/asf/struts.git
commit 90f9d8fa9fcd0ec0c6f549fc6ca1f4211b5c6e56 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Sat Jan 2 18:53:37 2021 +0100 WW-4742 Stops evaluating default message as a OGNL expression and uses proper order for escaping --- .../java/org/apache/struts2/util/TextProviderHelper.java | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/util/TextProviderHelper.java b/core/src/main/java/org/apache/struts2/util/TextProviderHelper.java index 2d08d8f..148a5c4 100644 --- a/core/src/main/java/org/apache/struts2/util/TextProviderHelper.java +++ b/core/src/main/java/org/apache/struts2/util/TextProviderHelper.java @@ -80,17 +80,11 @@ public class TextProviderHelper { } if (msg == null) { - // evaluate the defaultMessage as an OGNL expression - if (searchStack) - msg = stack.findString(defaultMessage); - - if (msg == null) { - // use the defaultMessage literal value - msg = defaultMessage; - msg = StringEscapeUtils.escapeEcmaScript(msg); - msg = StringEscapeUtils.escapeHtml4(msg); - LOG.debug("Message for key '{}' is null, returns escaped default message [{}]", key, msg); - } + // use the defaultMessage literal value + msg = defaultMessage; + msg = StringEscapeUtils.escapeHtml4(msg); + msg = StringEscapeUtils.escapeEcmaScript(msg); + LOG.debug("Message for key '{}' is null, returns escaped default message [{}]", key, msg); if (LOG.isWarnEnabled()) { if (tp != null) {