我想使用自定义EL解析器来逃避XSS,如下所述: http://pukkaone.github.io/2011/01/03/jsp-cross-site-scripting-elresolver.html
我添加了
<listener>
<listener-class>com.github.pukkaone.jsp.EscapeXmlELResolverListener</listener-class>
</listener>
到我的web.xml,版本=“3.0”
当我使用tomcat7-maven-plugin启动我的应用程序时:mvn tomcat7:run 我收到以下错误
SEVERE: Exception sending context initialized event to listener instance of class com.github.pukkaone.jsp.EscapeXmlELResolverListener
java.lang.NullPointerException
at com.github.pukkaone.jsp.EscapeXmlELResolverListener.contextInitialized(EscapeXmlELResolverListener.java:37)
其中JspFactory.getDefaultFactory()
返回null。
相关问题表明问题是servlet / jsp jar冲突,但我的定义为
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
我还确认dependency:tree -Dverbose=true
在类路径上没有任何杂散依赖。
答案 0 :(得分:0)
please can you check the dependency for servlet-api? artifactid should be servlet-api instead of javax.servlet-api