tomcat-dev mailing list archives

From Saeedahmed Subedar
Subject RE: Cross site scripting safe
Date Wed, 14 Dec 2011 09:39:35 GMT


SaeedAhmed Subedar, BSLI

-----Original Message-----
From: Konstantin Kolinko
Sent: Wednesday, December 14, 2011 2:06 PM
To: Tomcat Developers List
Subject: Re: Cross site scripting safe

2011/12/14 Saeedahmed Subedar:
> Not sure if this is the right mailing list to ask this, but..

Wrong. This question should be on the users@ list.

> Is the latest Tomcat 7 cross-site scripting safe? Or nevertheless, is some amount of
> css filtering code required at the application level?

Tomcat 7 standard applications (except examples) and standard error
pages should be safe. Examples are likely to be safe as well, but not
much attention is paid to them, as they should not be present on
productive sites.

Your applications are your own responsibility.
If you need a more detailed answer, ask on users@.

See also "Security Considerations" page in the manual.

> css filtering

It is usually called "xss", not css.

Best regards,
Konstantin Kolinko
