[jira] [Commented] (SLING-2353) Prevent to include itself

Sat, 14 Jan 2012 13:59:03 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13186352#comment-13186352
 ] 

Felix Meschberger commented on SLING-2353:
------------------------------------------

> <sling:include> with a null resource (whether specified as null or defaulted 
> to null) doesn't appear to have any value other than backwards compatibility.
> It's certainly not an elegant way to include self, nor does it appear to be 
> the only way. 

That's not entirely correct: it has been designed to also support the case of 
including "itself" with a different request method, selector and/or extension. 
For example: Consider a POST request to resource r. The POST handling script 
does its job and forwards to itself switching the method to GET to actually 
call the regular rendering scripts of resource r.

The problem here really is, that the resource is explicitly set to null, which 
probably is a programming error and should be flagged by throwing -- as I said 
-- in the resource setter and not in the endTag method dispatching the request.
                
> Prevent <sling:include resource="<%= null %>" /> to include itself
> ------------------------------------------------------------------
>
>                 Key: SLING-2353
>                 URL: https://issues.apache.org/jira/browse/SLING-2353
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting JSP-Taglib 2.1.2
>            Reporter: Tobias Bocanegra
>            Assignee: Carsten Ziegeler
>            Priority: Minor
>             Fix For: Scripting JSP-Taglib 2.1.4
>
>
> If you add this sling:include to a JSP <sling:include resource="<%= null %>" 
> />
> then it will cause the page to keep including itself recursively making the
> server slow. there is a recursion limitation though to prevent endless loops.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to