2015-09-17 9:37 GMT+02:00 Greg Huber <gregh3...@gmail.com>: > I was testing using: > > <s:submit value="%{getText('button.save')}" action="edit!getBean().name" /> > > and it returned the value in the name field on the bean. > > public class EventEdit extends EventBase { > .... > private EventBean bean = null; > .... > /** > * Gets the bean. > * > * @return the bean > */ > public EventBean getBean() { > return bean; > } > .... > } > > I though this was what we were trying to stop?
but this is something different, it happens on server side in tags, it's your choice as a dev. Without Strict DMI, when DMI is enabled it is possible to call any public method via bang operator "!" via url like this: http://localhost:8080/index!getPassword and as a lot of people is still using this mechanism we want help them be more secure :) Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org