Question

我想使用自定义EL解析器来逃避XSS，如下所述： http://pukkaone.github.io/2011/01/03/jsp-cross-site-scripting-elresolver.html

我添加了

<listener>
    <listener-class>com.github.pukkaone.jsp.EscapeXmlELResolverListener</listener-class>
</listener>

到我的web.xml，版本=“3.0”

当我使用tomcat7-maven-plugin启动我的应用程序时：mvn tomcat7：run 我收到以下错误

SEVERE: Exception sending context initialized event to listener instance of class com.github.pukkaone.jsp.EscapeXmlELResolverListener
java.lang.NullPointerException
    at com.github.pukkaone.jsp.EscapeXmlELResolverListener.contextInitialized(EscapeXmlELResolverListener.java:37)

其中JspFactory.getDefaultFactory()返回null。

相关问题表明问题是servlet / jsp jar冲突，但我的定义为

    <dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>javax.servlet-api</artifactId>
    <version>3.0.1</version>
    <scope>provided</scope>
</dependency>
  <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>jsp-api</artifactId>
      <version>2.2</version>
      <scope>provided</scope>
  </dependency>

我还确认dependency:tree -Dverbose=true在类路径上没有任何杂散依赖。

Answer 1

please can you check the dependency for servlet-api? artifactid should be servlet-api instead of javax.servlet-api

无法注册自定义ELResolver

1 个答案: