[TILES-351] EL expressions in JSP using some Tiles JSP tags are evaluated twice - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.1.0, 2.1.1
Fix Version/s: 2.1.2
Component/s: tiles-api, tiles-core, tiles-jsp (jsp support)
Labels:
None
Environment:

EL support enabled

Flags:

Important

Description

Tiles 2.1.x allows, with the correct configuration, to use EL expressions in Tiles configuration files.

The problem is that, if attribute values or templates are defined using some JSP tags (tiles:putAttribute, tiles:insertTemplate), the EL expression is evaluated twice, one by the container, one by the ELAttributeEvaluator class.

Now, if at the first evaluation the EL expression is connected to a user-entered content, it could be maliciously exploited to access the server context.

Therefore, there could be an unwanted exposure of server data or XSS attacks.

Attachments

Activity

People

Assignee:: Antonio Petrelli

Reporter:: Antonio Petrelli

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 14/Jan/09 17:06

Updated:: 15/Jan/09 11:16

Resolved:: 15/Jan/09 11:16