[
https://issues.apache.org/jira/browse/SLING-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13186302#comment-13186302
]
Felix Meschberger commented on SLING-2353:
------------------------------------------
I agree: We should check at the point of problem: I would assume that providing
null as the value of the resource attribute is not generally the intended use
by the JSP programmer. As such we should flag setting this attribute.
Then we can leave the rest unmodified -- and it is also the simplest possible
check.
> Prevent <sling:include resource="<%= null %>" /> to include itself
> ------------------------------------------------------------------
>
> Key: SLING-2353
> URL: https://issues.apache.org/jira/browse/SLING-2353
> Project: Sling
> Issue Type: Bug
> Components: Scripting
> Affects Versions: Scripting JSP-Taglib 2.1.2
> Reporter: Tobias Bocanegra
> Assignee: Carsten Ziegeler
> Priority: Minor
> Fix For: Scripting JSP-Taglib 2.1.4
>
>
> If you add this sling:include to a JSP <sling:include resource="<%= null %>"
> />
> then it will cause the page to keep including itself recursively making the
> server slow. there is a recursion limitation though to prevent endless loops.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
