Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4945

TagUtils#buildNamespace should throw an exception when invocation is null

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.6
    • Core Tags
    • None

    Description

      Right now TagUtils#buildNamespace will try to determine a namespace using Request in case where there is no action invocation available. This means a tag was used out of the action flow and JSP was exposed directly. This is against our recommendation and exception should be thrown instead.

      http://struts.apache.org/security/#never-expose-jsp-files-directly

      Attachments

        Activity

          People

            Unassigned Unassigned
            lukaszlenart Lukasz Lenart
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: