Warxim commented on code in PR #26:
URL: https://github.com/apache/commons-jxpath/pull/26#discussion_r1002987643
##########
src/test/java/org/apache/commons/jxpath/ri/compiler/ExtensionFunctionTest.java:
##########
@@ -46,9 +46,11 @@ public class ExtensionFunctionTest extends JXPathTestCase {
private JXPathContext context;
private TestBean testBean;
private TypeConverter typeConverter;
+ private final String DEFAULT_ALLOW_LIST =
"org.w3c.*,org.jdom.*,java.lang.String,java.util.*,org.apache.commons.*";
Review Comment:
**Warning:** New Commons JXPath version with the changes in this PR will not
be automatically compatible with the previous one, if the developers use
functions in xpaths. All function calls will be disabled by default in the new
version. (For example, calling `size(/)` will not be possible without first
allowing it in filter.)
This needs to be emphasized in changelog or somewhere.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
