Re: OGNL in struts tag

2020-02-23 Thread Lukasz Lenart
Ach, my bad. I just checked how "name" is resolved in "UIBean" instead
of analysing it in depth, and I messed things up with the "value"
attribute. My explanation is below.

Sun, 23 Feb 2020 at 23:06, John Bush wrote:
> 
>  

This works because of %{} and "a" was pushed onto the top of
ValueStack, so all its properties are accessible

>  

This won't work because "name" is evaluated but only if it contains
%{} - this allows building dynamic names like: name="user_%{expr}_id" or
name="%{user_id}"

>  

As "a" was pushed into the ValueStack, we must strictly say which
scope we are interested in, so we must use "#" to use "a" scope:
name="%{#a.formcolumnName}"
We can use "a" directly: name="%{a}" but then it will be evaluated as
"a.toString()" because "name" expects String

Sorry for my misleading answer before :(

Please let me know if I should extend the Tag Syntax guide
https://struts.staged.apache.org/tag-developers/tag-syntax.html


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
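
The attribute forms discussed in this reply, laid out as a JSP fragment. This is an added example, not code from the thread: displayColumnList, "a", formcolumnName and formcolumnFormId come from the messages, while the surrounding form, its action name saveColumns and the composite name in the fourth field are assumptions.

```jsp
<%-- Added illustration, not the poster's JSP. --%>
<%@ taglib prefix="s" uri="/struts-tags" %>

<%-- "saveColumns" is a hypothetical action name. --%>
<s:form action="saveColumns">
  <%-- displayColumnList is filled by the action class on the server side;
       each element is pushed on top of the ValueStack and also exposed
       as the named variable "a". --%>
  <s:iterator value="displayColumnList" var="a">

    <%-- 1. %{} forces evaluation; the current element is on top of the
            ValueStack, so its property resolves by bare name. --%>
    <s:textfield name="%{formcolumnName}" />

    <%-- 2. No %{}: "name" stays the literal string "formcolumnName",
            so every row renders the same field name. --%>
    <s:textfield name="formcolumnName" />

    <%-- 3. The iterator variable is addressed with "#". --%>
    <s:textfield name="%{#a.formcolumnName}" />

    <%-- 4. Literal text mixed with an expression builds a composite name
            (the pattern is hypothetical, modelled on user_%{expr}_id). --%>
    <s:textfield name="col_%{#a.formcolumnFormId}_value" />

  </s:iterator>
</s:form>
<%-- In every case the expression text is fixed in the JSP and only reads a
     property of an object the action supplied; no ${} EL is used inside
     the Struts tags. --%>
```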



Re: OGNL in struts tag

2020-02-23 Thread John Bush
I understand the don't mix EL and Struts tags - and the use of 'top' in 
the valueStack.


I don't understand why the following first two don't provide like 
displaying HTML input tags.


Also why doesn't OGNL treat the third as a property of "a" and call the 
getter for formcolumnName.


Code


    
    
    


Result






Thanks - John Bush

On 2/23/2020 5:57 AM, Lukasz Lenart wrote:

Fri, 21 Feb 2020 at 04:05, M Huzaifah wrote:


 

the jsp has error:

Struts Problem Report

Struts has detected an unhandled exception:

Messages:
/pages/common/genericform/genericMain.jsp (line: 165, column: 24) According to 
TLD or attribute directive in tag file, attribute name does not accept any 
expressions
File:   org/apache/jasper/compiler/DefaultErrorHandler.java
Line number:41

Yes, this is by design, we didn't want to base on ${} which is out of
Struts control and evaluated by a servlet container (Tag support
layer). That's why we used %{} instead, but ...


cause the error above, then I state attribute name on struts tag does not 
accept any expressions. If I test to just print like the code below, that's no 
problem:


 ${a.formcolumnName}

so, I read your documentation about the expression, then I change my code 
below:


 

it works perfectly, thank you Lucas.

... in such a case you don't have to use %{} at all, the "name"
attribute will be evaluated against ValueStack as an expression.
 tag pushes value into ValueStack (named "a" in your
case, but this is not required if not used), all the object's
properties are available in scope (inside) of the iterator by their
names, so this can be reduced to


 



Regards





Re: OGNL in struts tag

2020-02-23 Thread Lukasz Lenart
Fri, 21 Feb 2020 at 04:05, M Huzaifah wrote:
> 
> 
> 
> the jsp has error:
>
> Struts Problem Report
>
> Struts has detected an unhandled exception:
>
> Messages:
> /pages/common/genericform/genericMain.jsp (line: 165, column: 24) According 
> to TLD or attribute directive in tag file, attribute name does not accept any 
> expressions
> File:   org/apache/jasper/compiler/DefaultErrorHandler.java
> Line number:41

Yes, this is by design, we didn't want to base on ${} which is out of
Struts control and evaluated by a servlet container (Tag support
layer). That's why we used %{} instead, but ...

> cause the error above, then I state attribute name on struts tag does not 
> accept any expressions. If I test to just print like the code below, that's no 
> problem:
>
> 
> ${a.formcolumnName}
> 
> so, I read your documentation about the expression, then I change my code 
> below:
>
> 
> 
> 
> it works perfectly, thank you Lucas.

... in such a case you don't have to use %{} at all, the "name"
attribute will be evaluated against ValueStack as an expression.
 tag pushes value into ValueStack (named "a" in your
case, but this is not required if not used), all the object's
properties are available in scope (inside) of the iterator by their
names, so this can be reduced to






Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: OGNL in struts tag

2020-02-20 Thread M Huzaifah
Dear Lucas,

Sorry if I am wrong about that. Let me clarify here.

Let's say I have a POJO:

public class FormColumnKey {
    private Integer formcolumnFormId;

    private String formcolumnName;
    // setters and getters
}

In the action class, I have a list of columns:

private List displayColumnList;


and then, I put all my columns from the table into the list, next I'll iterate that 
list in JSP. So this is what I've done in JSP:

 


the jsp has error:

Struts Problem Report

Struts has detected an unhandled exception:

Messages:   
/pages/common/genericform/genericMain.jsp (line: 165, column: 24) According to 
TLD or attribute directive in tag file, attribute name does not accept any 
expressions
File:   org/apache/jasper/compiler/DefaultErrorHandler.java
Line number:41


cause the error above, then I state attribute name on struts tag does not 
accept any expressions. If I test to just print like the code below, that's no 
problem:

 
${a.formcolumnName}

so, I read your documentation about the expression, then I change my code 
below:




it works perfectly, thank you Lucas.


Regards



> On 20 Feb 2020, at 16.16, Lukasz Lenart  wrote:
> 
> Tue, 18 Feb 2020 at 17:04, M Huzaifah wrote:
>> Thank you Lucas, my goal is to render the struts tag based on the list of column
>> names that I've set before. So I have to iterate the list of columns using
>> jstl, then put the "name" on the attribute name in the struts tag. From here, I
>> think I misunderstand the struts tag. I use struts 2.5x, which does not
>> support expressions anymore.
> 
> Wait, what? Struts tags do not support expressions? Where did you find
> such information? Did you read that?
> https://struts.apache.org/tag-developers/tag-syntax.html (improved
> version I'm working on right now
> https://struts.staged.apache.org/tag-developers/tag-syntax.html)
> 
> Also Struts tags are using our internal mechanism which prevents
> evaluating malicious expressions, in case of using JSTL you don't have
> such control and as those tags are out of Struts control you can
> mistakenly inject a malicious code
> https://struts.apache.org/security/#internal-security-mechanism
> 
> Also using JSTL and Struts tags in the same JSP is like using Java and
> Kotlin to write the same code. Anyway, Bad Idea.
> 
> 
> Regards
> 
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> 



Re: OGNL in struts tag

2020-02-20 Thread Lukasz Lenart
Tue, 18 Feb 2020 at 17:04, M Huzaifah wrote:
> Thank you Lucas, my goal is to render the struts tag based on the list of column
> names that I've set before. So I have to iterate the list of columns using
> jstl, then put the "name" on the attribute name in the struts tag. From here, I
> think I misunderstand the struts tag. I use struts 2.5x, which does not
> support expressions anymore.

Wait, what? Struts tags do not support expressions? Where did you find
such information? Did you read that?
https://struts.apache.org/tag-developers/tag-syntax.html (improved
version I'm working on right now
https://struts.staged.apache.org/tag-developers/tag-syntax.html)

Also Struts tags are using our internal mechanism which prevents
evaluating malicious expressions, in case of using JSTL you don't have
such control and as those tags are out of Struts control you can
mistakenly inject a malicious code
https://struts.apache.org/security/#internal-security-mechanism

Also using JSTL and Struts tags in the same JSP is like using Java and
Kotlin to write the same code. Anyway, Bad Idea.


Regards

--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




Re: OGNL in struts tag

2020-02-18 Thread M Huzaifah
Dear Lucas,

Thank you Lucas, my goal is to render the struts tag based on the list of column
names that I've set before. So I have to iterate the list of columns using
jstl, then put the "name" on the attribute name in the struts tag. From here, I
think I misunderstand the struts tag. I use struts 2.5x, which does not
support expressions anymore.

Dear Prasanth,

Yes, thank you for your advice.

I have done my little work for the dynamic field by generating HTML code (including
the attributes name, id, value, class) in the action class, then rendering the code into
JSP using ${htmlComponen} syntax. I know this is a temporary solution; next
I have to improve it.


On Tue, Feb 18, 2020, 21:28 Prasanth  wrote:

> Guessing you are trying to create dynamic names for the text fields. If
> you have dynamic names how are you going to get the values into your
> action? You could probably have an array of text fields
> where the names of text fields are like mytext[columnName1],
> mytext[columnName2]  etc.
>
> You can then use a map in the action to collect the values from the jsp.
> In the below example you would use a map named mycolumns.
>
> 
> 
> 
>
> I think Struts2 tags don't allow EL so you have to use OGNL expression to
> create dynamic names.
>
> On 2/18/20 7:09 AM, Lukasz Lenart wrote:
> > Tue, 18 Feb 2020 at 05:22, M Huzaifah wrote:
> >> I've been looking for a solution for how to create a struts2 tag that can be
> >> generated dynamically. This is my code:
> >>
> >> 
> >>  
> >> 
> > You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why
> > don't you use  here?
> > https://struts.apache.org/tag-developers/iterator-tag.html
> >
> > And I'm not sure what you want to achieve with this strange syntax
> > "name:${column.columnName}"?
> >
> >
> > Regards
>
>


Re: OGNL in struts tag

2020-02-18 Thread Prasanth
Guessing you are trying to create dynamic names for the text fields. If you 
have dynamic names how are you going to get the values into your action? You 
could probably have an array of text fields
where the names of text fields are like mytext[columnName1], 
mytext[columnName2]  etc.

You can then use a map in the action to collect the values from the jsp. In the 
below example you would use a map named mycolumns.


    


I think Struts2 tags don't allow EL so you have to use OGNL expression to 
create dynamic names.

On 2/18/20 7:09 AM, Lukasz Lenart wrote:
> Tue, 18 Feb 2020 at 05:22, M Huzaifah wrote:
>> I've been looking for a solution for how to create a struts2 tag that can be
>> generated dynamically. This is my code:
>>
>> 
>>  
>> 
> You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why
> don't you use  here?
> https://struts.apache.org/tag-developers/iterator-tag.html
>
> And I'm not sure what you want to achieve with this strange syntax
> "name:${column.columnName}"?
>
>
> Regards



Re: OGNL in struts tag

2020-02-18 Thread Lukasz Lenart
Tue, 18 Feb 2020 at 05:22, M Huzaifah wrote:
> I've been looking for a solution for how to create a struts2 tag that can be
> generated dynamically. This is my code:
>
> 
>  
> 

You shouldn't mix Struts and non-Struts tags, this is a bad idea. Why
don't you use  here?
https://struts.apache.org/tag-developers/iterator-tag.html

And I'm not sure what you want to achieve with this strange syntax
"name:${column.columnName}"?


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/




OGNL in struts tag

2020-02-17 Thread M Huzaifah
Dear All,

I've been looking for a solution for how to create a struts2 tag that can be
generated dynamically. This is my code:


 


Is there a way we can use ${} in a struts tag? I found a security issue about
this evaluation syntax here:
https://securitylab.github.com/research/apache-struts-double-evaluation

Anyone has done with this?

Regards