[
https://issues.apache.org/jira/browse/SLING-2353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13186780#comment-13186780
]
Carsten Ziegeler commented on SLING-2353:
-----------------------------------------
D'oh right, so far I didn't consider the difference between setting resource to
null and not specifying resource at all. We shouldn't allow the first one but
the second one is fine
Ok, I'll change that
However, the question is if we keep the current check or rely on recursion
detection. currently a <sling:include/> would not be allowed
> Prevent <sling:include resource="<%= null %>" /> to include itself
> ------------------------------------------------------------------
>
> Key: SLING-2353
> URL: https://issues.apache.org/jira/browse/SLING-2353
> Project: Sling
> Issue Type: Bug
> Components: Scripting
> Affects Versions: Scripting JSP-Taglib 2.1.2
> Reporter: Tobias Bocanegra
> Assignee: Carsten Ziegeler
> Priority: Minor
> Fix For: Scripting JSP-Taglib 2.1.4
>
>
> If you add this sling:include to a JSP <sling:include resource="<%= null %>"
> />
> then it will cause the page to keep including itself recursively making the
> server slow. there is a recursion limitation though to prevent endless loops.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
