tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43497] Add ability to escape rendered output of JSP expressions
Date Wed, 20 Oct 2010 14:48:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=43497

--- Comment #3 from Nacho Coloma <icoloma@gmail.com> 2010-10-20 10:48:11 EDT ---
Any chance this bug receives some attention? Any application on Tomcat is
susceptible to XSS attacks, and it should be easy to fix.
Keeping the current behavior as default is reasonable, but please provide some
flag to switch. Right now I have to keep my own separate patch jar, and merge
into Tomcat.
