On 20-02-07 17 h 44, Nathan Bubna wrote:
As for setClass(Class cls), couldn't we just change it to:
public void setClass(String classname) {
setClassname(classname);
}
Seems like that would keep the class="org.com.Foo" config syntax working
and avoid the security issue, right?
Nah, because what happens is that the "class" property is filtered
beforehand by beanutils introspector.
What I did is provide the xml digester with a alias, mapping "class"
towards "classname".
I'm gonna push your suggestion also, though, as it might help for other
configuration methods when running under a security manager.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org
For additional commands, e-mail: dev-h...@velocity.apache.org