Re: direct script execution
Hi Torgeir,
Torgeir Veimo schrieb:
Is it possible to request a script directly, eg. use a request such as
/apps/notes/html.esp, and make that script execute instead of being
returned as plaintext?
This is not currently possible (though the implementation would be
rather simple).
The problem is that we also support WebDAV on / through the Sling
WebDAV bundle. So, for WebDAV we might want to expect the script to be
returned as plaintext to be able to edit and modify it.
I could imagine two options: (1) we add a configuration setting, which
controls whether scripts are executed or not or (2) add a servlet to
handle a special extension, which would execute the script. I would
prefer this second option.
The servlet would have a rather simple service() method implementation:
public void service(ServletRequest req, ServletResponse res)
throws ServletException, IOException {
Servlet servlet = ((SlingHttpServletRequest) req).
getResource.adaptTo(Servlet.class);
if (servlet != null) {
servlet.service(req, res);
} else {
// send error
}
}
Regards
Felix
Re: direct script execution
On 6 Jan 2009, at 07:19, Felix Meschberger wrote: Hi Torgeir, Torgeir Veimo schrieb: Is it possible to request a script directly, eg. use a request such as /apps/notes/html.esp, and make that script execute instead of being returned as plaintext? This is not currently possible (though the implementation would be rather simple). The problem is that we also support WebDAV on / through the Sling WebDAV bundle. So, for WebDAV we might want to expect the script to be returned as plaintext to be able to edit and modify it. I could imagine two options: (1) we add a configuration setting, which controls whether scripts are executed or not or (2) add a servlet to handle a special extension, which would execute the script. I would prefer this second option. Maybe it could be possible to set a resource type, sling:Script on these, to allow execution? They could be edited if accessed through the /dav/ prefix. -- Torgeir Veimo torg...@pobox.com
[jira] Closed: (SLING-271) Disable direct script execution.
[ https://issues.apache.org/jira/browse/SLING-271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Felix Meschberger closed SLING-271. --- Resolution: Duplicate Duplicate issue to SLING-276 Disable direct script execution. Key: SLING-271 URL: https://issues.apache.org/jira/browse/SLING-271 Project: Sling Issue Type: Improvement Components: ServletResolver Reporter: Felix Meschberger Assignee: Felix Meschberger Fix For: 2.0.0 As discussed on the dev list [1], direct script execution is to be disabled. [1] http://www.mail-archive.com/sling-dev@incubator.apache.org/msg02841.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
