[ 
https://issues.apache.org/jira/browse/WW-4771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15947140#comment-15947140
 ] 

Stefaan Dutry commented on WW-4771:
-----------------------------------

Thanks (and sorry for the manual work I caused :-) )

{quote}
That's why I want to move away from Confluence and use Markdown
{quote}

Any developments on that side? (I don't see any additional {{.md}} files in the 
{{struts-site}} project yet)
Like previously stated, I wouldn't mind helping with migrating documentation.



> minor typos in confluence page "security.html"
> ----------------------------------------------
>
>                 Key: WW-4771
>                 URL: https://issues.apache.org/jira/browse/WW-4771
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Documentation
>            Reporter: Stefaan Dutry
>            Priority: Trivial
>              Labels: documentation
>             Fix For: 2.5.next
>
>
> * page : [https://struts.apache.org/docs/security.html]
> * spotted typos:
> ** inside a title
> {code:none|title=current}
> Do not defined setters when not needed
> {code}
> {code:none|title=fixed}
> Do not define setters when not needed
> {code}
> ** inside text under title {{Do not use incoming values as an input for 
> localisation logic}}
> {code:none|title=current}
> All TextProvider's getText(...) methods (e.g in ActionSupport) performs 
> evaluation of parameters included in a message to properly localize the text. 
> This means using incoming request parameters with getText(...) methods is 
> potentially dangerous and should be avoided. Se example below, assuming that 
> an action implements getter and setter for property message, the below code 
> allows inject an OGNL expression:
> {code}
> {code:none|title=fixed}
> All TextProvider's getText(...) methods (e.g in ActionSupport) perform 
> evaluation of parameters included in a message to properly localize the text. 
> This means using incoming request parameters with getText(...) methods is 
> potentially dangerous and should be avoided. See example below, assuming that 
> an action implements getter and setter for property message, the below code 
> allows inject an OGNL expression:
> {code}
> ** inside text under title {{Accepted / Excluded patterns}}
> {code:none|title=current}
> ...to check if param can accepted or must be excluded.
> {code}
> {code:none|title=fixed}
> ...to check if param can be accepted or must be excluded.
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
