I have a Spring Web application integrated with HDIV for security. I've changed some of the functionality, which is now working as expected; however, I get some of these errors in the log:
14:34:51,595 INFO [org.hdiv.logs.Logger] (http-localhost-127.0.0.1-8443-4) INVALID_EDITABLE_VALUE;/rule_engine;ruleExpression;(my expression value here);127.0.0.1;127.0.0.1;anonymous
Could you please suggest why this is so and how I can avoid it? Thanks in advance.
It seems that you are using a dangerous expression. HDIV includes a default group of validation rules that try to avoid the most common risks such as XSS and SQL Injection. By default all editable fields of the request are validated.
You can find more information about this here, and check this configuration out.
If you want to disable that validation for a specific URL, try this out:
<hdiv:editableValidations>
    ...
    <hdiv:validationRule url="/rule_engine" enableDefaults="false"></hdiv:validationRule>
    ...
</hdiv:editableValidations>