On Jul 31, 2013, at 9:25 AM, Dave Newton <davelnew...@gmail.com> wrote: > I'm not convinced OGNL itself is the issue, but > rather its unfettered access into internals. An intermediate, sandbox-y > layer might resolve that.
It's only partially what data ognl can fetch/modify, it's also what it can do. System.exit() is clearly something undesirable to execute unexpectedly (although probably less harmful than other actions). -Dale --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
