tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 43497] Add ability to escape rendered output of JSP expressions
Date Wed, 20 Oct 2010 14:48:45 GMT

--- Comment #3 from Nacho Coloma 2010-10-20 10:48:11 EDT ---
Any chance this bug receives some attention? Any application on Tomcat is
susceptible to XSS attacks, and it should be easy to fix.
Keeping the current behavior as default is reasonable, but please provide some
flag to switch. Right now I have to keep my own separate patch jar, and merge
into Tomcat.
