[
https://issues.apache.org/jira/browse/WW-4891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325614#comment-16325614
]
ASF GitHub Bot commented on WW-4891:
------------------------------------
HedjuHor opened a new pull request #201: WW-4891 Debug tag should not display
anything when not in dev mode
URL: https://github.com/apache/struts/pull/201
one solution
if a user really wants to show the Debug Flag on his production release, he
can use `<s:debug disabled="false"/>`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Debug tag should not display anything when not in dev mode
> ----------------------------------------------------------
>
> Key: WW-4891
> URL: https://issues.apache.org/jira/browse/WW-4891
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Tags
> Affects Versions: 2.5.14
> Reporter: Daniel Le Berre
> Fix For: 2.6
>
>
> I noticed that the debug tag displays the content of the value stack
> independently of the value of devMode.
> I wonder if it would not be more secure to do not display anything if
> devMode=false.
> I can imagine a developer forgetting to remove such kind of debug tags before
> the app goes to production. Making it silent in production mode would reduce
> the risk to display sensitive data.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
