struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <craig...@gmail.com>
Subject Re: ActionForm problem
Date Fri, 18 Mar 2005 01:20:20 GMT
On Thu, 17 Mar 2005 18:03:16 -0700, Hyrum <hyrum@t-rmarket.com> wrote:

> 
> ${bean.isIdiot ? "Yes, I'm an Idiot" : "No, I'm not an Idiot"}
> 

This doesn't suffer from the dangerious content problem, because you
don't actually *emit* the contents of the isIdiot property -- you only
use it on the server side to calculate what should actually be
emitted.

If you did something like this:

  <p>Did I fail the test?  ${bean.isIdiot}</p>

You would be at risk of the isIdiot property was a string (unless you
were 100% confident that the contents of the string had no dangerous
content).

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message