Hi,

AFAIK OGNL compiles myMap['myKey'] to the string myMap.myKey, so yes, I think you don't want to use complex strings as keys; for instance, consider `myKey-1` as a key: it will be translated to myMap.myKey-1, which likely won't work properly.

Regards.

>-----Original Message-----
>From: Ing. Andrea Vettori <a.vett...@b2bires.com>
>Sent: Wednesday, January 15, 2020 1:54 PM
>To: dev@struts.apache.org
>Subject: Standard Accepted Patterns in DefaultAcceptedPatternsChecker
>
>Hello,
>Today I had an issue with one of our web sites using struts and found it traces
>back to the default accepted patterns in DefaultAcceptedPatternsChecker.
>May I ask why the key values for “map like” parameters (i.e. map['key']) are
>limited in such a strict way? In our case I had a minus sign in the key. Is
>there any security consideration behind this?
>Thank you!
>
>    public static final String[] ACCEPTED_PATTERNS = {
>        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
>    };
>
>—
>Ing. Andrea Vettori
>Head of Information Systems
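The following is an added example, not code from this thread or from Struts itself: it compiles the pattern quoted above and shows which parameter names it accepts, including the minus-sign key from the question. It assumes a name is accepted only when the whole name matches; the class name, helper names and sample names are constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AcceptedPatternDemo {
    // Pattern literal copied from the quoted message, with the mail line wrap rejoined.
    static final Pattern ACCEPTED = Pattern.compile(
        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*");

    // Assumption: the checker requires a match over the entire parameter name.
    static boolean isAccepted(String name) {
        return ACCEPTED.matcher(name).matches();
    }

    // Index where the accepted prefix ends, i.e. where the first rejected segment starts.
    static int rejectedFrom(String name) {
        Matcher m = ACCEPTED.matcher(name);
        return m.lookingAt() ? m.end() : 0;
    }

    public static void main(String[] args) {
        // Constructed parameter names, not taken from any real application.
        String[] names = {
            "user.name",                // property path
            "items[0]",                 // numeric index
            "map['key']",               // word-character key
            "map['\u4e2d\u6587']",      // key in the CJK range the pattern lists explicitly
            "map['my-key']",            // minus sign in the key, as in the question
            "map['my key']",            // space in the key
            "map[\"key\"]"              // double quotes instead of single quotes
        };
        for (String name : names) {
            if (isAccepted(name)) {
                System.out.printf("accepted  %s%n", name);
            } else {
                int from = rejectedFrom(name);
                System.out.printf("rejected  %s  (unmatched from index %d: %s)%n",
                        name, from, name.substring(from));
            }
        }
    }
}
```

For the rejected names the reported index points at the opening bracket, because the whole `['...']` segment fails to match as soon as the key contains a character outside `\w` and the listed CJK range.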