| JSTL tags inside rptdesign file [message #1786659] |
Wed, 09 May 2018 01:45 |
Eclipse User |
|
|
|
Hi,
We have a very old project which uses Birt 2.3.1. And one of the issues we have come across is that we load the report file using an iframe and the parameters for the report is passed in the URL.
So someone can change this URL parameters to execute a javascript function when loading the report. (Cross site scripting - XSS).
Inorder to avoid that what I'm trying to do is to use JSTL to access the URL parameters which will stop executing javascript code on the report file.
To do that I added the jstl jar to my reporting web application lib folder and added the jstl namespace to the rptdesign file and accessed the URL parameters as following.
<expression name="valueExpr"><c:out value="params['week'].value"/>+" of "+ <c:out value="params['year'].value"/></expression>
JSTL namespace is added as following in the header of rptdesign file.
<report xmlns="http://www.eclipse.org/birt/2005/design" version="3.2.17" id="1"
xmlns:c="<jstl url>"
xsi:schemaLocation="<jstl url>">
But when loading the report it is complaining with the following error
Error Code:Error.XMLParserException.UNKNOWN_TAG Message:The XML file contains an unsupported element.
and the report is not found.
* Can not post the jstl url since only eclipse.org is allowed
Anyhelp would be appreciated.
|
|
|
Powered by
FUDForum. Page generated in 0.05691 seconds
Home