Re: OGNL in struts tag
Ach. my bad, I just checked how "name" is resolved in "UIBean" instead of analysing it into deep and I messed up things with "value" attribute, my explanation below niedz., 23 lut 2020 o 23:06 John Bush napisał(a): > > This works because of %{} and "a" was pushed onto the top of ValueStack, so all its properties are accessible > This won't work because "name" is evaluated but only if it contains %{} - this allows build dynamic names like: name="user_%{expr}_id" or name="%{user_id}" > As "a" was pushed into to the ValueStack, we must strictly say which scope we are interested in, so we must use "#" to use "a" scope: name="%{#a.formcolumnName}" We can use "a" directly: name="%{a}" but then it will be evaluated as "a.toString()" because "name" expects String Sorry for my misleading answer before :( Please let me know if I should extend the Tag Syntax guide https://struts.staged.apache.org/tag-developers/tag-syntax.html Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: OGNL in struts tag
I understand the don't mix EL and Struts tags - and the use of 'top' in the valueStack. I don't understand why the following first two don't provide like displaying HTML input tags. Also why doesn't OGNL treat the third as a property of "a" and call the getter for formcolumnName. Code Result Thanks - John Bush On 2/23/2020 5:57 AM, Lukasz Lenart wrote: pt., 21 lut 2020 o 04:05 M Huzaifah napisał(a): the jsp has error: Struts Problem Report Struts has detected an unhandled exception: Messages: /pages/common/genericform/genericMain.jsp (line: 165, column: 24) According to TLD or attribute directive in tag file, attribute name does not accept any expressions File: org/apache/jasper/compiler/DefaultErrorHandler.java Line number:41 Yes, this is by design, we didn't want to base on ${} which is out of Struts control and evaluated by a servlet container (Tag support layer). That's why we used %{} instead, but ... cause the error above, then i state attribute name on struts tag does not accept any expressions. if i test to just print like code bellow thats no problem: ${a.formcolumnName} so, i read your documentation about the expression, then i change my code bellow: it works perfectly, thank you Lucas. ... in such a case you don't have to use %{} at all, the "name" attribute will be evaluated against ValueStack as an expression. tag pushes value into ValueStack (named "a" in your case, but this is not required if not used), all the object's properties are available in scope (inside) of the iterator by their names, so this can be reduced to Regards - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: OGNL in struts tag
pt., 21 lut 2020 o 04:05 M Huzaifah napisał(a): > > > > the jsp has error: > > Struts Problem Report > > Struts has detected an unhandled exception: > > Messages: > /pages/common/genericform/genericMain.jsp (line: 165, column: 24) According > to TLD or attribute directive in tag file, attribute name does not accept any > expressions > File: org/apache/jasper/compiler/DefaultErrorHandler.java > Line number:41 Yes, this is by design, we didn't want to base on ${} which is out of Struts control and evaluated by a servlet container (Tag support layer). That's why we used %{} instead, but ... > cause the error above, then i state attribute name on struts tag does not > accept any expressions. if i test to just print like code bellow thats no > problem: > > > ${a.formcolumnName} > > so, i read your documentation about the expression, then i change my code > bellow: > > > > > it works perfectly, thank you Lucas. ... in such a case you don't have to use %{} at all, the "name" attribute will be evaluated against ValueStack as an expression. tag pushes value into ValueStack (named "a" in your case, but this is not required if not used), all the object's properties are available in scope (inside) of the iterator by their names, so this can be reduced to Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: OGNL in struts tag
Dear Lucas, Sorry if i am wrong about that. let me clarify in here. let say i have pojo : public class FormColumnKey { private Integer formcolumnFormId; private String formcolumnName; //sette-getter } in action class, i have list of clolumn: private List displayColumnList; and then, i put all my column from table into the list, next i’ll iterate that list in JSP. so this is what i’ve done in JSP: the jsp has error: Struts Problem Report Struts has detected an unhandled exception: Messages: /pages/common/genericform/genericMain.jsp (line: 165, column: 24) According to TLD or attribute directive in tag file, attribute name does not accept any expressions File: org/apache/jasper/compiler/DefaultErrorHandler.java Line number:41 cause the error above, then i state attribute name on struts tag does not accept any expressions. if i test to just print like code bellow thats no problem: ${a.formcolumnName} so, i read your documentation about the expression, then i change my code bellow: it works perfectly, thank you Lucas. Regards > On 20 Feb 2020, at 16.16, Lukasz Lenart wrote: > > wt., 18 lut 2020 o 17:04 M Huzaifah napisał(a): >> Thank you Lucas, my goal is render the struts tag based on list of column >> name that i've set before. So i have to iterate the list of column using >> jstl than put the "name" on attribut name in struts tag. From here, i >> think i miss understanding about struts tag. I use struts 2.5x that not >> support for expressions anymore. > > Wait, what? Struts tags do not support expressions? Where did you find > such information? Did you read that? > https://struts.apache.org/tag-developers/tag-syntax.html (improved > version I'm working on right now > https://struts.staged.apache.org/tag-developers/tag-syntax.html) > > Also Struts tags are using our internal mechanism which prevents > evaluating malicious expressions, in case of using JSTL you don't have > such control and as those tags are out of Struts control you can > mistakenly inject a malicious code > https://struts.apache.org/security/#internal-security-mechanism > > Also using JSTL and Struts tags in the same JSP is like using Java and > Kotlin to write the same code. Anyway, Bad Idea. > > > Regards > > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >
Re: OGNL in struts tag
wt., 18 lut 2020 o 17:04 M Huzaifah napisał(a): > Thank you Lucas, my goal is render the struts tag based on list of column > name that i've set before. So i have to iterate the list of column using > jstl than put the "name" on attribut name in struts tag. From here, i > think i miss understanding about struts tag. I use struts 2.5x that not > support for expressions anymore. Wait, what? Struts tags do not support expressions? Where did you find such information? Did you read that? https://struts.apache.org/tag-developers/tag-syntax.html (improved version I'm working on right now https://struts.staged.apache.org/tag-developers/tag-syntax.html) Also Struts tags are using our internal mechanism which prevents evaluating malicious expressions, in case of using JSTL you don't have such control and as those tags are out of Struts control you can mistakenly inject a malicious code https://struts.apache.org/security/#internal-security-mechanism Also using JSTL and Struts tags in the same JSP is like using Java and Kotlin to write the same code. Anyway, Bad Idea. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: OGNL in struts tag
Dear Lucas, Thank you Lucas, my goal is render the struts tag based on list of column name that i've set before. So i have to iterate the list of column using jstl than put the "name" on attribut name in struts tag. From here, i think i miss understanding about struts tag. I use struts 2.5x that not support for expressions anymore. Dear Prasanth, Yes thank you for your advise. I have done my little work for dynamic field by generate html code (include attribut name, id, value, class) in action class, then render the code into JSP using ${htmlComponen} syntaks. I know this is temporary solution, for next i have to improve. On Tue, Feb 18, 2020, 21:28 Prasanth wrote: > Guessing you are trying to create dynamic names for the text fields. If > you have dynamic names how are you going to get the values into your > action? You could probably have an array of text fields > where the names of text fields are like mytext[columnName1], > mytext[columnName2] etc. > > You can then use a map in the action to collect the values from the jsp. > In the below example you would use a map named mycolumns. > > > > > > I think Struts2 tags don't allow EL so you have to use OGNL expression to > create dynamic names. > > On 2/18/20 7:09 AM, Lukasz Lenart wrote: > > wt., 18 lut 2020 o 05:22 M Huzaifah > napisał(a): > >> I've looking for solution how to create struts2 tag could generate > >> dynamically. This is my code: > >> > >> > >> > >> > > You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why > > don't you use here? > > https://struts.apache.org/tag-developers/iterator-tag.html > > > > And I'm not sure what do you want achieve with this strange syntax > > "name:${column.columnName}"? > > > > > > Regards > >
Re: OGNL in struts tag
Guessing you are trying to create dynamic names for the text fields. If you have dynamic names how are you going to get the values into your action? You could probably have an array of text fields where the names of text fields are like mytext[columnName1], mytext[columnName2] etc. You can then use a map in the action to collect the values from the jsp. In the below example you would use a map named mycolumns. I think Struts2 tags don't allow EL so you have to use OGNL expression to create dynamic names. On 2/18/20 7:09 AM, Lukasz Lenart wrote: > wt., 18 lut 2020 o 05:22 M Huzaifah napisał(a): >> I've looking for solution how to create struts2 tag could generate >> dynamically. This is my code: >> >> >> >> > You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why > don't you use here? > https://struts.apache.org/tag-developers/iterator-tag.html > > And I'm not sure what do you want achieve with this strange syntax > "name:${column.columnName}"? > > > Regards
Re: OGNL in struts tag
wt., 18 lut 2020 o 05:22 M Huzaifah napisał(a): > I've looking for solution how to create struts2 tag could generate > dynamically. This is my code: > > > > You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why don't you use here? https://struts.apache.org/tag-developers/iterator-tag.html And I'm not sure what do you want achieve with this strange syntax "name:${column.columnName}"? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
OGNL in struts tag
Dear All, I've looking for solution how to create struts2 tag could generate dynamically. This is my code: There is a way we can use ${} ini struts tag?. I found security issue about this evaluation sintaks in here : https://securitylab.github.com/research/apache-struts-double-evaluation Anyone has done with this? Regards