Both of these ideas - arbitrary JavaScript injection and JSP injection
via wikipage - are terrible ideas. They are guaranteed to get your
site 0wed by an attacker.
Do not do this. Instead, customise the JSPs directly.
Andrew
On Nov 27, 2007, at 3:09, Matthias Käppler <[EMAIL PROTECTED]>
wrote:
Hi Terry,
2007/11/26, Terry Steichen <[EMAIL PROTECTED]>:
Matthias,
Upon rereading your post, I think you raise a couple of issues that
are
kind of intertwined. First, you seem to be asking if you can display
your own JSP within JSPWiki (rather than being restricted to using
only
text-based wikipages). Second (assuming that the answer is 'yes'
to the
first question), you ask if you can use the 'specialPage' feature to
link to this new page from an ordinary wikipage (like LeftMenu).
The answer to both questions is 'yes', but there's a small amount of
customizing (to ViewTemplate.jsp) that needs to be done to accomplish
this. But before getting into how this can be done, maybe you can
confirm that you did indeed intend to ask the two above questions I
describe above (or perhaps add some additional clarification).
That is correct, I am writing a Dojo-driven semantic search
interface, so I
have to run a lot of client-side JavaScript in that JSP. Of course I
also
want the search be reachable from the LeftMenu (or any other
wikipage). So,
yes, these two problems are connected and I'd be glad for any hints.
Best,
Matthias
