tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Cross site scripting safe
Date Wed, 14 Dec 2011 08:36:24 GMT
2011/12/14 Saeedahmed Subedar <Saeedahmed.Subedar@birlasunlife.com>:
> Not sure if this is the right mailing list to ask this, but..

Wrong. This question should be on the users@ list.

>
> Is the latest Tomcat 7 cross-site scripting safe? Or nevertheless, is some amount of
css filtering code required at the application level?

Tomcat 7 standard applications (except examples) and standard error
pages should be safe. Examples are likely to be safe as well, but not
much attention is payed to them, as they should not be present on
productive sites.

Your applications are your own responsibility.
If you need more detailed answer, ask on users@.

See also "Security Considerations" page in the manual.

> css filtering

It is usually called "xss", not css.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message