Sweet - I thought that was the case. [But wanted to make sure.]
-Tim
Mark Thomas wrote:
Tim Funk wrote:
Is this screaming XSS attack?
Since javadocs in getRequestURI() say ... "The web container does not
decode this String"
It would be if it wasn't for line 177 of o.a.c.valves.ErrorReportValve
which does:
String message = RequestUtil.filter(response.getMessage());
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
