On 20-02-07 17 h 44, Nathan Bubna wrote:
As for setClass(Class cls), couldn't we just change it to:public void setClass(String classname) { setClassname(classname); } Seems like that would keep the class="org.com.Foo" config syntax working and avoid the security issue, right?
Nah, because what happens is that the "class" property is filtered beforehand by beanutils introspector.
What I did is provide the xml digester with a alias, mapping "class" towards "classname".
I'm gonna push your suggestion also, though, as it might help for other configuration methods when running under a security manager.
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org
