Win a copy of Penetration Testing Basics this week in the Security forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

scripting-invalid wierd behavior

Aravind Ramanthan
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I�m having some trouble with the <scripting-invalid> tag.

Scenario 1:

1. First, I turned on scripting - <scripting-invalid>false</scripting-invalid>
2. Ran test.jsp, and it loaded with the scriptlets(so far so good).
2. Now I turned off scripting - <scripting-invalid>true</scripting-invalid>
Tomcat window said �Reloading context� (which I figure means that the new web.xml has been reloaded.
4. Now I ran test.jsp again and it read the scriptlets (although I have turned on �scripting invalid� now).

Scenario 2:

In the above procedure if I use true in step 1, and then false in step 3, then behavior is as expected (i.e. scriptlets disabled when I ran step 2, and scriptlets enabled in step 5).

I don�t understand why the changes get updated in scenario 2 and not in scenario 1. I also tried restarting the server after changes were made to web.xml, but there wasn't any change in behavior.

My web.xml:

<web-app xmlns="" xmlns:xsi=""

xsi:schemaLocation="" version="2.4">

My test.jsp:

<%= "Sample text" %>

  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic