As a user I would like to know exactly that everything is clear and secure.
From my point of view I do not need to know about parameter filters and
stuff like that.
If it is not changing much, it would be nice to have the following behavior:
Everywhere in s2 tags, the user-submitted values should not be evaluated until
it is requested
with a method call like "eval(ognlString)"; otherwise it should not work.
Also, when I write "propertyName", not "%{propertyName}", then the processor
should manage that
like JSP's expression language does, I mean no evaluation, just the simplest
and the fastest solution.
This will solve a lot of problems:
1. Performance: if the processor is not forced to evaluate OGNL tags (by the %{}
form), it will not do so and it will save time.
2. Security: if it is not forced (eval method), the processor will not
evaluate the user-submitted data.
If it is possible and it does not invalidate s2's ideas and principles,
please implement changes in this way.
Thank you in advance,
Aram
________________________________
Aram Mkhitaryan
52, 25 Lvovyan, Yerevan 375000, Armenia
Mobile: +374 91 518456