[opencms-dev] Running opencms in servlet 2.4/jsp 2.0 container
Martin Kuba
makub at ics.muni.cz
Thu Jul 7 17:34:30 CEST 2005
Fredrik Andersson wrote:
> Hi!
>
> I'm wondering if someone has any experience of running OpenCms in a servlet 2.4/jsp 2.0 container.
>
> I just changed the deployment descriptor to the 2.4 version and restarted and stuff seems to work as
> before.
>
> The reason i would want to do it is to enable the use of the expression language in my jsp-pages.
> It's more compact to write ${myvalue} than having to write <c:out value="${myvalue}"/> using JSTL.
>
> Any ideas or comments?
I am using OpenCms 6.0beta2 in TomCat 5.5 with web.xml changed
to Servlet 2.4, to be able to use JSTL1.1, and it works
without problems.
However I am not using any of the new XML content features,
which seem to be conflicting in syntax with JSTL EL language.
Just a side note - beware that using ${myvalue} instead
of <c:out value="${myvalue}"/> is vulnerable to cross-site scripting
attacks if the myvalue attribute is user supplied, because
the c:out version does XML escaping, while the ${myvalue} version does not.
Martin
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno Martin Kuba
Institute of Computer Science email: makub at ics.muni.cz
Masaryk University http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775
--------------------------------------------------------------
More information about the opencms-dev
mailing list