[Owasp-csrfguard] Fwd: <csrf:a> tag issue

Patrick Radtke pradtke at stanford.edu
Thu Jul 12 16:48:58 UTC 2012


You are mixing JSP scriplets with JSTL tags. That is generally 
considered bad practice. The JSTL tag only can know EL variables and 
won't resolve your scriplet variables.

On 7/11/12 1:04 PM, Amol Walunjkar wrote:
> Hi,
>
> I am using *<csrf:a>* tag for creating a hyperlink and for its *href
> *attribute I am using jsp expression as below
>
> <csrf:a href="myservlet?name=*/<%=somename%>/*" ></csrf:a>
>
> in above statement, "somename" is a jsp variable and provided by using
> jsp expression.
> Now when the form get submitted to the server, the */somename
> /*parameter value does not get transfer properly. Instead of sending the
> runtime value for the variable "somename" it send the value as
> */<%=somename%>.
> /*This is NOT a problem when using regular <a> tag and only when I am
> using <csrf:a> tag I am getting this problem
>
> Is it known problem with this tag ?
> Please suggest the solution
>
> --
> Regards,
> Amol
>
>
>
> --
> Regards,
> Amol
>
>
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
>




More information about the Owasp-csrfguard mailing list