I'd looked in to replacing OGNL with MVEL, including the templating, but it entailed a fairly extensive effort.
Not saying it isn't worth it; personally I'd like to see a few other options and a simplification of the templates (and potential speedups). Dave On Wed, Sep 4, 2013 at 10:21 AM, Paul Benedict <pbened...@apache.org> wrote: > Isn't it already "decoupled" since OGNL is a separate project? I mean, of > course Struts 2 needs mediating code to support it, but how coupled is it > really? > > Paul > > > On Wed, Sep 4, 2013 at 8:04 AM, Christian Grobmeier <grobme...@gmail.com > >wrote: > > > Folks, > > > > when researching on OGNL i found this link: > > https://cwiki.apache.org/confluence/display/S2WIKI/OGNL+replacement > > > > In 2008 Brian mentioned "Security risks keep appearing" along with OGNL > > and collected the places where we use OGNL. Given the recent events I > > thought it might be good to bring this up again. Please also note, I > > have helped with OGNLs incubation and I am also touchign it over in > > Commons land. My impression is OGNL is not easy to understand and there > > is not really much interest from other people to develop on it. > > > > Looking at this list I feel OGNL is pretty much tied to Struts. On the > > other hand we could start to slowly decouple the two. Not sure what we > > should use otherwise. > > > > Any feelings on that? > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > > For additional commands, e-mail: dev-h...@struts.apache.org > > > > > > > -- > Cheers, > Paul > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton <https://twitter.com/dave_newton> b: Bucky Bits <http://buckybits.blogspot.com/> g: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
