RAILO-287 Allow the CGI scope be writable.
Allow the CGI scope be writable. XSS can happen via the CGI scope and it would be nice to filter and change it.
Changing the implementation of CGI to allow keys to be written to would introduce a small performance overhead on cascading scope lookup (unqualified variables are looked up in CGI, Form, URL scope…).
Is this feature still being considered? If so, any ETA?
Bruce Kirkpatrick commented
I had to replace hundreds of CGI path variables on 60 sites to reference a copy of the CGI in the last week. This feature would have helped save some time in migrating to using a single tomcat context.