UIBean.escape(String name) <https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669ca>

// escape any possible values that can make the ID painful to work with in JavaScript

old: return name.replaceAll("[\\/\\.\\[\\]]", "_");

new: return name.replaceAll("[^a-zA-Z0-9_]", "_");

Isn't this all alpha/numeric now?

On 09/07/2021 07:17, GitBox wrote:
yasserzamani opened a new pull request #496:
URL: https://github.com/apache/struts/pull/496


    address known issues reported at 
https://securitylab.github.com/research/apache-struts-double-evaluation/
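
Added example, not code from the pull request or from the Struts project: the two replacement expressions quoted in the message above, run over constructed names to show which characters each one leaves in a generated id and that distinct names can collapse to the same id. The class name, method names and sample inputs are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class EscapeComparison {
    // Denylist form quoted above as "old": only / . [ ] are replaced with "_".
    static String escapeOld(String name) {
        return name.replaceAll("[\\/\\.\\[\\]]", "_");
    }

    // Allowlist form quoted above as "new": every character outside
    // ASCII letters, ASCII digits and "_" is replaced with "_".
    static String escapeNew(String name) {
        return name.replaceAll("[^a-zA-Z0-9_]", "_");
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the pull request.
        String[] samples = {
            "user.address[0].street", // property path: both forms rewrite it
            "order/item",             // slash: both forms rewrite it
            "first name",             // space: only the allowlist rewrites it
            "it's-here",              // quote and hyphen: only the allowlist rewrites them
            "caf\u00e9",              // non-ASCII letter: a-z does not cover it
            "a_b",
            "a.b"                     // maps to the same id as "a_b"
        };

        // Track the allowlist output to report names that collapse to one id.
        Map<String, String> seen = new LinkedHashMap<>();
        for (String s : samples) {
            String oldId = escapeOld(s);
            String newId = escapeNew(s);
            System.out.printf("%-24s old=%-24s new=%s%n", s, oldId, newId);

            String previous = seen.putIfAbsent(newId, s);
            if (previous != null) {
                System.out.printf("  collision: \"%s\" and \"%s\" both map to \"%s\"%n",
                        previous, s, newId);
            }
        }
    }
}
```

The allowlist output is limited to ASCII letters, digits and the underscore, so the result is not injective: any two names that differ only in replaced characters share an id.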

