As a user I would like to know exactly that everything is clear and secure.
From my point of view I do not need to know about parameter filters and
stuff like that. If it is not changing much, it would be nice to have the following behavior : everywhere in s2 tags the user submitted values should not be evaluated till it is not requested with a method call like "eval(ognlString)" otherwise it should not work also when I write "propertyName" not "%{propertyName}" then the processor should manage that like jps's expression language does, I mean no evaluation, just the simplest and the fastest solution this will solve a lot of problems: 1. performance, if the processor isnot forced to evaluate ognl tags (by %{} form) it will not do and it will save time 2. security, if it is not forced (eval method), the processor will not evaluate the user submitted data if it is possible and it does not invalidate s2's ideas and principals, please implement changes in this way Thank you in advance, Aram ________________________________ Aram Mkhitaryan 52, 25 Lvovyan, Yerevan 375000, Armenia Mobile: +374 91 518456 E-mail: [EMAIL PROTECTED]