ognl

问题 My List contains("A","B","C","D") elements <s:iterator value="lis"> <s:property /><br> </s:iterator> and String str="A"; <s:property value="%{#request.str}"/> I want to compare every element of list(lis) with String s. 回答1: With the IteratorStatus object: <s:iterator value="lis" status="ctr"> <s:property /> <s:if test="%{#request.str.equals(lis[#ctr.index])}"> -> This value from "lis" is equal to the value of "str" </s:if> <br/> </s:iterator> With the var parameter: <s:iterator value="lis"

问题 As mentioned in http://www.disasterarea.co.uk/blog/xss-vulnerabilities-in-web-frameworks-2/ The ${} is not xss safe in struts 2 while it is safe in tapestry 5. I am not a Tapestry guy, but I want to know if above is correct. As far as I know the ${} is part of JSLT and it does not depend on any web frameworks. So if above sentence is correct and the ${} is XSS safe in tapestry, how can we make it safe in struts 2. Updated: To test it I run struts2-showcase app, opened modelDriven\

问题 I\'m trying to create a dynamic variable in Struts2 using set tag <s:set var=\"myNum\" value=\"numConst\" /> <s:set var=\"number\" value=\"%{getText(\'@xxx.CommonConstant@\'+#myNum)}\" /> numConst will return a dynamic value that retrieved from database. For example, if the value is NINE then number should be @xxx.CommonConstant@NINE I have set the value in my java class so that @xxx.CommonConstant@NINE will return 9 . So far, the value can be displayed with no problem in text tag if I use <s

问题 The issue is related to the ModelDriven and Struts 2.3.16. Since the behavior of the params interceptor changed to access parameters passed to the action requires to configure acceptParamNames list to use with ModelDriven action. If acceptParamNames list is empty, it works by default accepting params via default pattern. Suppose we have a ModelDriven action: @Namespace(\"/modelDriven\") public class ModelDrivenAction extends ActionSupport implements ModelDriven { private Gangster model = new

问题 I\'m using Datatables server side ajax pagination and need to pass some variables to server. My server is running Struts2 actions to handle this datatables requests. I\'m facing some problems because datatables is passing predefined internal variables (like iDisplayStart, iDisplayLength, iColumns, sSearch), but Struts2 cannot receive this kind of camelcase style (just first one char lower and second upper case). To ensure this, I created this test action: @Action (value = \"dummy\", results =

问题 I\'m working with Struts2 and when I\'m accessing value stack variables I don\'t know whether to use % or # or $ . I try all of them until I find the correct one. Can Anybody Explain what is the difference between these? 回答1: Use of # (pound sign) OGNL is used to refer to objects in the ActionContext as follows: objectName : object in the ValueStack (default/root object in the OGNL context), such as an Action property #objectName : object in the ActionContext but outside of the ValueStack,

问题 There is an object ObjectA which has a list of ObjectB . There is a TreeMap inside the ObjectB . This TreeMap has a String as key and a List of another object ObjectC as value. This TreeMap and the list inside has been displayed on the jsp using the s:iterator and s:textfield and it is being displayed correctly. i.e. the \"values\" inside the s:textfield are correct. Now, the problem arises when the textfield is modified. How do we capture the modified values inside ObjectC in the action