...it now only allows alpha numeric and _. Would this require some code
refactoring? Maybe a good thing?
On 09/07/2021 09:17, Yasser Zamani wrote:
Hi Greg, thanks for reaching out!
On ۱۴۰۰/۴/۱۸ ۱۲:۰۷, Greg Huber wrote:
UIBean.
<https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669ca>escape(String
name)
// escape any possible values that can make the ID painful to work
with in JavaScript
old : return name.replaceAll("[\\/\\.\\[\\]]", "_");
new: return name.replaceAll("[^a-zA-Z0-9_]", "_");
Isn't this all alpha/numeric now?
No it's all NOT alpha/numeric replaced with _ now. For more info
please refer to https://stackoverflow.com/q/67736476/1362623
Regards.
On 09/07/2021 07:17, GitBox wrote:
yasserzamani opened a new pull request #496:
URL: https://github.com/apache/struts/pull/496
address known issues reported at
https://securitylab.github.com/research/apache-struts-double-evaluation/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org