I have a Spring Web application integrated with HDIV for security. I've changed some of the functionality, which is now working as expected; however, I get some of these errors in the log:
14:34:51,595 INFO [org.hdiv.logs.Logger] (http-localhost-127.0.0.1-8443-4) INVALID_EDITABLE_VALUE;/rule_engine;ruleExpression;(my expression value here);127.0.0.1;127.0.0.1;anonymous
Could you please suggest why this is so and how I can avoid it? Thanks in advance.
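Answer 0 (score: 2)
It seems you are using a dangerous expression. HDIV includes a set of default validation rules that try to avoid the most common risks, such as XSS and SQL injection. By default, all editable fields of a request are validated.
You have more information about this here; check this configuration.
If you want to disable that validation for a specific URL, try the following: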
<hdiv:editableValidations>
...
<hdiv:validationRule url="/rule_engine" enableDefaults="false"></hdiv:validationRule>
...
</hdiv:editableValidations>
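To see which URL and parameter pairs trigger the default editable validation before relaxing it for a URL, the following added example (not part of the original answer and not HDIV code) tallies `INVALID_EDITABLE_VALUE` entries from a log. The field order (type, URL, parameter, value, two IP addresses, user) is an assumption inferred from the log line in the question, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the question.
SAMPLE_LOG = """\
14:34:51,595 INFO [org.hdiv.logs.Logger] (http-localhost-127.0.0.1-8443-4) INVALID_EDITABLE_VALUE;/rule_engine;ruleExpression;a > 1; b < 2;127.0.0.1;127.0.0.1;anonymous
14:35:02,101 INFO [org.hdiv.logs.Logger] (http-localhost-127.0.0.1-8443-2) INVALID_EDITABLE_VALUE;/rule_engine;ruleExpression;x == 'y';127.0.0.1;127.0.0.1;anonymous
14:35:09,410 INFO [org.example.Other] (http-localhost-127.0.0.1-8443-2) unrelated message
14:36:40,007 INFO [org.hdiv.logs.Logger] (http-localhost-127.0.0.1-8443-5) INVALID_EDITABLE_VALUE;/profile;displayName;<b>bob</b>;10.0.0.7;10.0.0.7;alice
"""

# Timestamp, level, the HDIV logger name, thread name, then the ';'-separated payload.
PREFIX = re.compile(r"^\S+ \w+ +\[org\.hdiv\.logs\.Logger\] \([^)]*\) (.*)$")


def parse_line(line):
    """Return a dict for an HDIV log line, or None for any other line."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    parts = m.group(1).split(";")
    if len(parts) < 7:
        return None
    # The rejected value may itself contain ';', so take three fields from
    # the left and three from the right; whatever is left is the value.
    # (Assumes the URL and parameter name contain no ';'.)
    kind, url, param = parts[:3]
    local_ip, remote_ip, user = parts[-3:]
    return {"type": kind, "url": url, "parameter": param,
            "value": ";".join(parts[3:-3]), "local_ip": local_ip,
            "remote_ip": remote_ip, "user": user}


def summarize(log_text):
    """Count INVALID_EDITABLE_VALUE events per (url, parameter)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["type"] == "INVALID_EDITABLE_VALUE":
            counts[(event["url"], event["parameter"])] += 1
    return counts


if __name__ == "__main__":
    for (url, param), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {url}  {param}")
```

A parameter that only ever appears with expected input, such as an expression field, is a candidate for a relaxed rule; one that shows markup or SQL fragments from varied clients is the default rules doing their job.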