[ 
https://issues.apache.org/jira/browse/WW-5117?focusedWorklogId=571864&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-571864
 ]

ASF GitHub Bot logged work on WW-5117:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Mar/21 12:53
            Start Date: 25/Mar/21 12:53
    Worklog Time Spent: 10m 
      Work Description: yasserzamani commented on a change in pull request #475:
URL: https://github.com/apache/struts/pull/475#discussion_r601457831



##########
File path: 
core/src/main/java/org/apache/struts2/components/template/FreemarkerTemplateEngine.java
##########
@@ -121,6 +121,10 @@ public void renderTemplate(TemplateRenderingContext 
templateContext) throws Exce
         ActionInvocation ai = ActionContext.getContext().getActionInvocation();
 
         Object action = (ai == null) ? null : ai.getAction();
+        if (action == null) {
+            LOG.warn("Rendering tag {} out of Action scope, accessing directly 
JSPs is not recommended! " +
+                    "Please read 
https://struts.apache.org/security/#never-expose-jsp-files-directly";, 
templateName);
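
Review bot: The LOG.warn in the new `if (action == null)` block fires on every renderTemplate call, so a JSP that is requested directly and contains many tags produces one warning per tag. Consider warning once per request, or demoting repeats to debug, so the signal stays readable and the log cannot be flooded by repeated direct requests. The message carries only templateName, which names the tag template rather than the page that was reached without an action; including the request path would let an operator locate the exposed JSP. Wording nit: "accessing directly JSPs" reads better as "accessing JSPs directly".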

Review comment:
       :clap:




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 571864)
    Time Spent: 3h 20m  (was: 3h 10m)

> %{id} evaluates different for data-* and value attribute
> --------------------------------------------------------
>
>                 Key: WW-5117
>                 URL: https://issues.apache.org/jira/browse/WW-5117
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.5.26
>            Reporter: Jonas Marczona
>            Priority: Major
>             Fix For: 2.5.27
>
>          Time Spent: 3h 20m
>  Remaining Estimate: 0h
>
> {{%\{id\}}} evaluates for "data-*" attributes in a different way than for the 
> "value" attribute. 
> In a very simple context where I have only one getter:
> {code}
> public Long getId() {
>    return 27357L;
> }
> {code}
> The following two usages of "id" in one tag in a JSP evaluate in different 
> ways:
> JSP:
> {noformat}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> <s:hidden name="first" data-wuffmiauww="%{id}" id="einszwei" value="%{id}"/>
> <s:hidden name="second" data-wuffmiauww="%{id}" value="%{id}"/>
> {noformat}
> Result:
> {noformat}
> <input type="hidden" name="first" value="27357" id="einszwei" 
> data-wuffmiauww="einszwei">
> <input type="hidden" name="second" value="27357" data-wuffmiauww>
> {noformat}
> I expect the Id of my getter - for both cases. 
> The value for {{data-wuffmiauww}} is wrong.
> With struts2 version 2.5.20 the result was correct:
> {noformat}
> <input type="hidden" name="first" value="27357" id="einszwei" 
> data-wuffmiauww="27357">
> <input type="hidden" name="second" value="27357" data-wuffmiauww="27357">
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
