Thanks for your replay. Will do. Moving conversation to user list. Michael Coates OWASP
On 9/15/10 11:59 AM, Tim Funk wrote: > There is no issue. If there is a typo in the developer code, there is > a typo in the code. And sometimes typos cause security issues. As a > general rule, any code which is user provided should validated and > output escaped. > > This is a topic which should be discussed on the user list. > > -Tim > > On 9/15/2010 2:36 PM, Michael Coates wrote: >> >> Tomcat list, >> >> >> It seems to me that the method used to request parameters from an >> included jsp file should not "fail over" to the URL if the jsp:include >> does not provide the parameter. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
