tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Date Tue, 16 Apr 2002 10:52:00 GMT
> Hi Remy,
>
> > As I stated in the comments of the bug, I don't agree with your
> > interpretation about the JSP displaying "code".
>
> Sorry again for not making myself clear. To put it exact (I hope ...):
>
> There are cases in complex include/forward scenarios where Tomcat serves
> JSPs as static resources. So the *client browser* receives something like
> this as plain text:

I actually tried the test case (I guess I should have tried it before ...),
and it didn't do what I thought it would do. This does not qualify as a
security issue by my book, though (it is recommended to test your
application before putting it in production).

> PS Thanks for incorporating the patch that changes the shutdown order in
> StandardContext.

You also were pushing for that one ?
Cool.

The fix seems to be working ok. I actually changed start/stop/reload.

I like safer patches a lot better in general, though ;-)

Remy


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message