2011/12/14 Saeedahmed Subedar <saeedahmed.sube...@birlasunlife.com>:
> Not sure if this is the right mailing list to ask this, but..
Wrong. This question should be on the users@ list.

>
> Is the latest Tomcat 7 cross-site scripting safe? Or nevertheless, is some 
> amount of css filtering code required at the application level?

Tomcat 7 standard applications (except examples) and standard error
pages should be safe. Examples are likely to be safe as well, but not
much attention is payed to them, as they should not be present on
productive sites.

Your applications are your own responsibility.
If you need more detailed answer, ask on users@.

See also "Security Considerations" page in the manual.

> css filtering

It is usually called "xss", not css.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to