<[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> From: Dale Newfield <[EMAIL PROTECTED]> Date: Tue, 17 Jul 2007 1:17:55 -0500 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit
"Aram Mkhitaryan" <[EMAIL PROTECTED] >I have to repeat my suggestion about the new "eval" method in ognl >expressions which will force the evaluation But of course this would still be a security hole if usable by client-provided strings, and would still need to be disallowed there. How is surrounding a string with "%{" and "}" not the "eval" you request? -Dale Newfield [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]