https://bz.apache.org/bugzilla/show_bug.cgi?id=60490

--- Comment #2 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Christopher Schultz from comment #1)
> Some comments.
> 
> - Line endings should be either CRLF or LF. On certain systems,
> System.lineSeparator may return CR only which could cause some problems[1].
> I'd recommend reverting that particular change, or using CRLF.

Thanks for that, looks like an oversight from me. I will rework on Tuesday. It
was previously \n. How can that method return \r? Documentation says LF on
Unix, CRLF on Windows.

> - All of the various messages here need to be HTML-escaped before being
> dropped-into the HTML document. Specific examples: reason phrase, error
> message and description, root cause, and stack trace elements. You might
> consider this out-of-scope for your patch, which is okay.

The messages are in our control, nothing which needs to be escaped. The
stacktrace gets escaped already by RequestUtil#filter().
Why should everything but stacktrace be escaped if there is nothing unsafe for
HTML? I do agree that "message" has to be escaped, yes!

> [1]
> http://stackoverflow.com/questions/5916340/using-only-cr-as-linebreak-inside-pre-tag-doesnt-work
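
The two review points discussed in this message, as an added example that is not part of the thread and not Tomcat's code: an error report renderer that escapes every interpolated field and writes a fixed LF line ending. The class name, the `escape` helper (a stand-in, not `RequestUtil#filter()`) and the sample request message are assumptions made for illustration.

```java
public class ErrorReportSketch {
    // Fixed LF instead of System.lineSeparator(): output is the same on every platform.
    private static final String EOL = "\n";

    /** Hypothetical helper: replaces the HTML metacharacters with entities. */
    static String escape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the report; every value that is not a literal of this class goes through escape(). */
    static String render(int status, String reason, String message, String description, Throwable t) {
        StringBuilder sb = new StringBuilder();
        sb.append("<!doctype html>").append(EOL);
        sb.append("<html><head><title>HTTP Status ").append(status).append(" - ")
          .append(escape(reason)).append("</title></head><body>").append(EOL);
        sb.append("<p><b>Message</b> ").append(escape(message)).append("</p>").append(EOL);
        sb.append("<p><b>Description</b> ").append(escape(description)).append("</p>").append(EOL);
        if (t != null) {
            // Frames can contain markup characters too, e.g. constructors print as "Foo.<init>".
            sb.append("<pre>").append(escape(t.toString())).append(EOL);
            for (StackTraceElement e : t.getStackTrace()) {
                sb.append('\t').append(escape(e.toString())).append(EOL);
            }
            sb.append("</pre>").append(EOL);
        }
        return sb.append("</body></html>").append(EOL).toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a message that echoes request-derived text containing markup.
        String msg = "Invalid value for parameter \"name\": <b>test</b> & more";
        System.out.print(render(400, "Bad Request", msg,
                "The request could not be processed.", new IllegalArgumentException(msg)));
    }
}
```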
