EL expressions in JSP using some Tiles JSP tags are evaluated twice
--------------------------------------------------------------------
Key: TILES-351
URL: https://issues.apache.org/struts/browse/TILES-351
Project: Tiles
Issue Type: Bug
Components: tiles-api, tiles-core, tiles-jsp (jsp support)
Affects Versions: 2.1.1, 2.1.0
Environment: EL support enabled
Reporter: Antonio Petrelli
Priority: Critical
Fix For: 2.1.2

Tiles 2.1.x allows, with the correct configuration, the use of EL expressions in
Tiles configuration files.
The problem is that, if attribute values or templates are defined using some
JSP tags (tiles:putAttribute, tiles:insertTemplate), the EL expression is
evaluated twice: once by the container and once by the ELAttributeEvaluator class.
Now, if at the first evaluation the EL expression is connected to
user-entered content, it could be maliciously exploited to access the server
context.
Therefore, there could be an unwanted exposure of server data or XSS attacks.
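The double evaluation described above, modelled as an added example (not Tiles code): a toy `${name}` resolver stands in for both the JSP container and ELAttributeEvaluator, and the scope dictionary, the `param.title` value and the `applicationScope.secret` value are constructed for the illustration.

```python
import re

# Minimal model of an EL-like resolver: "${name.part}" is looked up in a
# nested scope dictionary; unknown names resolve to "", as in real EL.
EL_PATTERN = re.compile(r"\$\{([A-Za-z_][\w.]*)\}")


def resolve_el(text, scope):
    """One evaluation pass: replace every ${name} with its scope value."""
    def lookup(match):
        value = scope
        for part in match.group(1).split("."):
            value = value.get(part, "") if isinstance(value, dict) else ""
        return str(value)
    return EL_PATTERN.sub(lookup, text)


def affected_attribute(tag_value, scope):
    """Tiles 2.1.0/2.1.1 behaviour: the container evaluates the tag's value
    attribute, then ELAttributeEvaluator evaluates the resulting string again."""
    container_result = resolve_el(tag_value, scope)   # pass 1: JSP container
    return resolve_el(container_result, scope)        # pass 2: ELAttributeEvaluator


def single_pass_attribute(tag_value, scope):
    """Expected behaviour: the container's result is used as a literal value."""
    return resolve_el(tag_value, scope)


def contains_el_syntax(value):
    """Defensive check on user-supplied input: does it look like an EL expression?"""
    return "${" in value or "#{" in value


# Constructed scope: "param" is request data under user control; "applicationScope"
# stands in for server-side data that the page author says must stay private.
SCOPE = {
    "param": {"title": "${applicationScope.secret}"},
    "applicationScope": {"secret": "server-only-value (constructed)"},
}
# Equivalent of <tiles:putAttribute name="title" value="${param.title}"/>
TAG_VALUE = "${param.title}"
```

With a single pass the attribute holds the user's literal string; with the affected double pass, that string is itself evaluated and the server-side value leaks into the attribute.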
--
This message is automatically generated by JIRA.