Ok... I agree with you now. It would be really nice to just have EL, which should be a unified expression language. Improving EL using OGNL concepts might be nice too, but not having both (OGNL and EL) in the same logic.

The problem is that OGNL is at the heart of Struts2. We just can't take it out, or even disable it. So to be pragmatic, the point here is to have the secure version (JSP EL disabled) and the unsecure version (JSP ELs enabled). I'm curious about the leaders' opinions about that...

Felipe Rodrigues

Andrea Vettori wrote:
>
> My point is that there are many jsp tag libraries out there. For
> example, I've developed and I'm maintaining four big ecommerce sites
> with struts2 and some taglibs. But I'm using 2.0.8 since in many jsp
> pages I've used EL in struts tags.
> I think that bad practice is using request variables into EL
> expression not the generic use of EL expression into s2 tags.
>
> Personally I have never used OGNL expression inside my jsps apart of
> some simple %{variable}. I think it's cleaner using jsp tags and
> variables because the page is more readable even to page designers.
> For example,
>
>> <s:hidden name="anotherProperty" value="%{anotherResult.dosomething()}"/>
>
> if anotherResult is an object with many methods, some of which are not
> designed to be called from jsp pages why should I have to expose the
> object and potentially all its methods instead of use
>
> <mytag:myobjectdosomething var="result"/>
> <s:hidden name="anotherProperty" value="${result}"/>
>
> Ok it's two lines instead of one and you have to implement the tag.
> But I think it's cleaner, less dangerous than exposing all the object
> methods and understandable by not expert page designers...
>
> Finally I think that removing EL expression from s2 tags because if
> used in the bad way they can be dangerous it's like not sell cars
> anymore since you can kill someone if driven in the bad way...
>
> Hope this can contribute to the discussion to have ELs back... :)
>
>
> On 06 Mar 08, at 17:11, Felipe Rodrigues wrote:
>
>>
>> In this way there is not bad practice visible.
>> Imagine the situation:
>>
>>
>> <sometaglib:sometag var="result"/>
>> <s:hidden name="property" value="${result}"/>
>> <s:hidden name="anotherProperty" value="#anotherResult#CameFromValueStack"/>
>> <s:hidden name="anotherProperty" value="%{anotherResult.dosomething()}"/>
>>
>> I'm not an OGNL expert, but from what I know, there is a lot of
>> things you have to do using OGNL and not just JSTL EL. So, the point
>> is, when to use what? Trying and fixing?
>>
>> How about junior developers? It could really confuse their heads.
>> Maybe in small projects it doesn't matter, I agree, but for big
>> projects with lots and lots of developers, or where another team
>> maintains the app, could represent some documentation.
>>
>> And not considering the security problem. Some Architect could
>> define to use the struts-dangerous, but the developers don't even
>> know why struts-dangerous is dangerous.
>>
>> Of course, it is just my opinion.
>>
>> Felipe Rodrigues
>>
>>
>> Andrea Vettori wrote:
>>>
>>> Hi,
>>>
>>> can someone explain why it's bad practice to do something like this
>>> in a jsp page :
>>>
>>> <sometaglib:sometag var="result"/>
>>> <s:hidden name="property" value="${result}"/>
>>>
>>>
>>> ??
>>>
>>> Thanks !
>>>
>>>
>>>
>>>> The 2 point is the most important, from my view.
>>>> Use JSP EL in Struts2 tag is not a best practice. Match these kind of
>>>> languages could make the code confusing to be maintained. Sometimes
>>>> you use OGNL, other times you use JSTL EL.
>>>
>>>>
>>>>> Is 2. really a problem? Sorry, I didn't really understand.
>>>>>> The second problem is keep feeding this practice (use JSTL EL).
>>>>>>
>>>>>
>>>
>>> --
>>> Ing. Andrea Vettori
>>> Information Technology Consultant
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Issue-WW-2107-question---Is-JSTL-disable-or-not--tp15830208p15877164.html
>> Sent from the Struts - Dev mailing list archive at Nabble.com.
>>
>
> --
> Ing. Andrea Vettori
> Information Technology Consultant
>

--
View this message in context: http://www.nabble.com/Issue-WW-2107-question---Is-JSTL-disable-or-not--tp15830208p15878911.html
Sent from the Struts - Dev mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
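
An added example, not part of the thread or of Struts: a small audit script that lists JSP EL used inside Struts 2 tag attributes and marks the expressions that read request-derived implicit objects, the case Andrea's reply calls bad practice. The sample page is constructed from the snippets quoted above plus a hypothetical `${param.q}` line, and the tag prefix `s` is assumed.

```python
import re

# Constructed sample JSP, modelled on the snippets quoted in the thread.
# The ${param.q} lines are hypothetical additions for illustration.
SAMPLE_JSP = '''\
<sometaglib:sometag var="result"/>
<s:hidden name="property" value="${result}"/>
<s:hidden name="anotherProperty" value="%{anotherResult.dosomething()}"/>
<s:textfield name="q" value="${param.q}"/>
<c:out value="${param.q}"/>
'''

# Opening tags in the Struts 2 tag library (assumed to use the prefix "s").
STRUTS_TAG = re.compile(r'<s:(\w+)\b([^>]*)>')
ATTR = re.compile(r'([\w:-]+)\s*=\s*"([^"]*)"')
EL = re.compile(r'\$\{([^}]*)\}')
# JSP EL implicit objects whose values come straight from the HTTP request.
REQUEST_SOURCES = re.compile(r'\b(param|paramValues|header|headerValues|cookie)\b')


def audit_jsp(text):
    """Return (line, tag, attribute, expression, request_derived) for every
    JSP EL expression found inside a Struts tag attribute."""
    findings = []
    for tag in STRUTS_TAG.finditer(text):
        line = text.count('\n', 0, tag.start()) + 1
        for attr in ATTR.finditer(tag.group(2)):
            for el in EL.finditer(attr.group(2)):
                expr = el.group(1).strip()
                # The container evaluates the EL first; the tag then receives
                # the resulting string and may evaluate it again as OGNL.
                tainted = bool(REQUEST_SOURCES.search(expr))
                findings.append((line, tag.group(1), attr.group(1), expr, tainted))
    return findings


if __name__ == '__main__':
    for line, tag, attr, expr, tainted in audit_jsp(SAMPLE_JSP):
        level = 'REQUEST-DERIVED' if tainted else 'el-in-struts-tag'
        print(f'line {line}: <s:{tag} {attr}="${{{expr}}}"> [{level}]')
```

A scoped variable such as `${result}` is reported but not marked, because the script cannot tell whether the tag or action that set it copied request data into it; those findings need manual review.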