Warxim commented on code in PR #26:
URL: https://github.com/apache/commons-jxpath/pull/26#discussion_r1003034601
##########
src/main/java/org/apache/commons/jxpath/functions/MethodFunction.java:
##########
@@ -34,6 +36,8 @@ public class MethodFunction implements Function {
private final Method method;
private static final Object[] EMPTY_ARRAY = {};
+ private JXPathFilter jxpathFilter = new SystemPropertyJXPathFilter();
Review Comment:
It would be probably better to add the same filtering mechanism to
`ConstructorFunction`. I think it is not vulnerable now, but we might do this,
just to be sure it will not become vulnerable in new versions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
