[ https://issues.apache.org/jira/browse/SLING-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13186302#comment-13186302 ]
Felix Meschberger commented on SLING-2353: ------------------------------------------ I agree: We should check at the point of problem: I would assume that providing null as the value of the resource attribute is not generally the intended use by the JSP programmer. As such we should flag setting this attribute. Then we can leave the rest unmodified -- and it is also the simplest possible check. > Prevent <sling:include resource="<%= null %>" /> to include itself > ------------------------------------------------------------------ > > Key: SLING-2353 > URL: https://issues.apache.org/jira/browse/SLING-2353 > Project: Sling > Issue Type: Bug > Components: Scripting > Affects Versions: Scripting JSP-Taglib 2.1.2 > Reporter: Tobias Bocanegra > Assignee: Carsten Ziegeler > Priority: Minor > Fix For: Scripting JSP-Taglib 2.1.4 > > > If you add this sling:include to a JSP <sling:include resource="<%= null %>" > /> > then it will cause the page to keep including itself recursively making the > server slow. there is a recursion limitation though to prevent endless loops. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira