kazukin6 wrote:
> Is it possible to disable all Java code execution within a JSP page (by
> security manager or something)
> but allow custom tags to be executed?
>
> The problem is that the users can change JSP files, and due to security
> reasons we can allow them to use only tags

Unfortunately I don't have an idea on how to prevent Java snippets in JSPs, but have you considered whether using the Java security manager would be enough to defend you against the estimated threats?

--
..Juha