[
https://issues.apache.org/jira/browse/WW-5340?focusedWorklogId=879287&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-879287
]
ASF GitHub Bot logged work on WW-5340:
--------------------------------------
Author: ASF GitHub Bot
Created on: 31/Aug/23 07:28
Start Date: 31/Aug/23 07:28
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #746:
URL: https://github.com/apache/struts/pull/746
WW-5340
--
I've refactored this class to improve both readability and maintainability.
My primary goal was to consolidate calls to ognl.Ognl, specifically the
following functions:
* `#getValue`: 5 calls to 1
* `#setValue`: 2 calls to 1
* `#parseExpression`: 4 calls to 1
Functionally, there are only 2 changes:
* Removed redundant tree validation from `OgnlUtil#checkValue`
* Cache expressions prior to tree validation (i.e. even if validation fails)
Issue Time Tracking
-------------------
Worklog Id: (was: 879287)
Remaining Estimate: 0h
Time Spent: 10m
> Introduce optional AST node exclusion list
> ------------------------------------------
>
> Key: WW-5340
> URL: https://issues.apache.org/jira/browse/WW-5340
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.4.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Enhance security by implementing an optional exclusion list (in struts.xml)
> where applications can specify AST nodes that are not required in their
> applications or are known to carry higher security risk.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
