Seems to me not to be the right place to correct any possible problems, and far off any related root of a possible issue.
The config would definitively need an option to be disabled totally. I expect very unexpected and hard to trace side effects, depending on the application in place. Markus Am 15.09.19 um 09:58 schrieb Yasser Zamani: > Hi, > > I thought it might be nice to add a config element which confines the length > of OGNL expression that Struts is going to evaluate. It is going to make > hackers life harder :) > > How do you see it? > > Best. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org