https://issues.apache.org/bugzilla/show_bug.cgi?id=43497
--- Comment #4 from Chin Huang <pukka...@gmail.com> 2011-02-27 13:49:50 EST ---

If you don't want to patch Tomcat, here is a custom ELResolver that XML-escapes EL values. You just have to add a servlet context listener to web.xml to configure it in your web application.

http://pukkaone.github.com/2011/01/03/jsp-cross-site-scripting-elresolver.html