Bart Perrier Sheriff

#set($c=922488346 928282912)${c}$c

Directives like #set are generally safe, but if the numbers represent IDs or data from an untrusted source, they should be handled with care to prevent injection.

In most Apache Velocity Engine versions, this would trigger a ParseErrorException because of the unexpected space between the two numbers.

#set($c=922488346 928282912)${c}$c

This is the shorthand notation for the same variable.

Velocity Template Language (VTL): An Introduction. The Velocity Template Language (VTL) is meant to provide the easiest, simplest,

This uses the #set directive to assign a value to the variable $c. However, the syntax 922488346 928282912 is invalid because it lacks an operator (like + or -) or a comma to separate the values into an array.