request.getParameter() is used that it is possible, even if
unintended, that user controlled data could enter into play.
Thanks!
Michael
On 9/16/10 11:33 AM, Christopher Schultz wrote:
> Michael,
>
> On 9/15/2010 6:33 PM, Michael Coates wrote:
> > On 9/15/10 2:46 PM, Christophe
Chris,
Thanks for your detailed response. It is very helpful. I've got some
responses inline below.
On 9/15/10 2:46 PM, Christopher Schultz wrote:
> Michael,
>
> On 9/15/2010 3:05 PM, Michael Coates wrote:
> >
> http://michael-coates.blogspot.com/2010/09/dan
by surprise at first.
Thanks!
Michael Coates
OWASP
On 9/15/10 12:52 PM, Mikolaj Rydzewski wrote:
> Michael Coates wrote:
>> It seems to me that the method used to request parameters from an
>> included jsp file should not "fail over" to the URL if the jsp:include
>>
