myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeanne Waldman (JIRA)" <>
Subject [jira] Created: (TRINIDAD-703) Make image loading more secure
Date Tue, 11 Sep 2007 22:17:32 GMT
Make image loading more secure

                 Key: TRINIDAD-703
             Project: MyFaces Trinidad
          Issue Type: Bug
            Reporter: Jeanne Waldman
            Assignee: Jeanne Waldman

Andy Schwartz found this issue:

We register our image resource loader with a fairly loose pattern:
             new CoreClassLoaderResourceLoader(parent));

In theory could someone get at an image on the class path outside of our own
images by doing crafting a funky URL along the lines of
should prevent access outside of the "rootPackage".

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message