ClasstargetClass= target.getClass(); ClassmemberClass= member.getDeclaringClass(); ... if (isPackageExcluded(targetClass.getPackage(), memberClass.getPackage())) { LOG.warn("Package of target [{}] or package of member [{}] are excluded!", target, member); returnfalse; }
<!-- this must be valid regex, each '.' in package name must be escaped! --> <!-- it's more flexible but slower than simple string comparison --> <!-- constant name="struts.excludedPackageNamePatterns" value="^java\.lang\..*,^ognl.*,^(?!javax\.servlet\..+)(javax\..+)" / -->
<!-- this is simpler version of the above used with string comparison --> <constantname="struts.excludedPackageNames" value=" ognl., javax., freemarker.core., freemarker.template., freemarker.ext.rhino., sun.reflect., javassist., com.opensymphony.xwork2.ognl., com.opensymphony.xwork2.security., com.opensymphony.xwork2.util." />
protectedvoidpopulateComponentHtmlId(Form form) { String tryId; String generatedId; if (id != null) { // this check is needed for backwards compatibility with 2.1.x tryId = findStringIfAltSyntax(id); } ... }
<!-- this must be valid regex, each '.' in package name must be escaped! --> <!-- it's more flexible but slower than simple string comparison --> <!-- constant name="struts.excludedPackageNamePatterns" value="^java\.lang\..*,^ognl.*,^(?!javax\.servlet\..+)(javax\..+)" / -->
<!-- this is simpler version of the above used with string comparison --> <constantname="struts.excludedPackageNames" value=" ognl., java.io., java.net., java.nio., javax., freemarker.core., freemarker.template., freemarker.ext.jsp., freemarker.ext.rhino., sun.misc., sun.reflect., javassist., org.apache.velocity., org.objectweb.asm., org.springframework.context., com.opensymphony.xwork2.inject., com.opensymphony.xwork2.ognl., com.opensymphony.xwork2.security., com.opensymphony.xwork2.util." />