struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4945) TagUtils#buildNamespace should throw an exception when invocation is null
Date Wed, 18 Jul 2018 06:23:00 GMT
Lukasz Lenart created WW-4945:
---------------------------------

             Summary: TagUtils#buildNamespace should throw an exception when invocation is
null
                 Key: WW-4945
                 URL: https://issues.apache.org/jira/browse/WW-4945
             Project: Struts 2
          Issue Type: Bug
          Components: Core Tags
            Reporter: Lukasz Lenart
             Fix For: 2.6


Right now {{TagUtils#buildNamespace}} will try to determine a namespace using {{Request}}
in case where there is no action invocation available. This means a tag was used out of the
action flow and JSP was exposed directly. This is against our recommendation and exception
should be thrown instead.

http://struts.apache.org/security/#never-expose-jsp-files-directly



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message