Sorry about the delay, APEC holiday (don't ask).

I'm not doing any fancy scripting, just simple stuff like using JSP EL in the
s:if and s:property tags. I know that I could use the OGNL equivalents and
in some situations do, but it's more a matter of standards.

Our team maintain and develop websites using a number of technologies
including struts1, struts2, custom java and .NET which we have implemented
or inherited. On the java side we have spent considerable effort to
consolidate the technologies we use so that we can avoid stretching
ourselves too thin. Productivity is improved as we are using technologies we
are familiar with without having to think how is this done using this
particular technology.

We decided on JSTL, JSP EL and velocity for the display technologies as
these covered every project we were working on. And we thought we were
covered on the struts2 front.

Don't misinterpret what I am saying, I am not saying JSP EL is better than
OGNL. In fact OGNL clearly has significant advantages. But, and it's a big
hairy one, OGNL can't easily be introduced into legacy apps we maintain.

I'm not saying don't have OGNL, but rather let us have a choice. I find it
difficult to believe that there isn't a simple solution to this problem.

The upshot is that we will probably move away from using S2 tags where we
can and only use the S2 form tags.

Z.

> Zoran,
> 
> what do you want to script in the tags? I would be interested in a small
> example, only because I often find my use of JSTL is restricted to situations
> where I am not using taglibs. Which leads me to ask, if you rely on JSTL
> anyway, surely you use the Standard taglib tags?
> 
> 
> Adam
> 
> Zoran Avtarovski on 06/09/07 05:20, wrote:
>> That just sounds ridiculous. Because of the possibility of end users
>> injecting malicious OGNL we won't be able to use JSP expression language.
>> 
>> Pardon me for being blunt but isn't the obvious solution to fix the
>> underlying vulnerability in OGNL rather than crippling JSP and Freemarker
>> use in struts2?
>> 
>> This basically forces us to use OGNL, which I think is plain wrong.
>> 
>> Z. 
>> 
>>> You can up until Struts 2.0.9. There is a security flaw related to this
>>> though
>>> and you will no longer be able to do it in Struts 2.0.10.
>>> 
>>> See the following JIRA ticket for more info:
>>> 
>>> https://issues.apache.org/struts/browse/WW-2107
>>> 
>>> James
>>> 
>>> 
>>> On Wed Sep  5 11:31 , Néstor Boscán <[EMAIL PROTECTED]> sent:
>>> 
>>>> Hi
>>>> 
>>>> Is there a way to use the JSTL Expression Language with Struts 2 tags
>>>> instead of OGNL?
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


