Hi folks, Something i came across while testing some of our WebSphere installations (these have been fixed in the current versions of vanilla Apache, so i assume these are just an inherited problem from the old Apache codebase.. Makes you wonder what else there is? :^) ) Retreiving: http://our.websphere.server/<script>alert('helloworld')</script> Returns the properly parsed output.. However, trying to access outside of the webroot, results in some CSS issues: http://our.websphere.server/../<script>alert('helloworld')</script> My test servers were running: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix) IBM_HTTP_Server/1.3.6.3 Apache/1.3.7-dev (Win32) Cheers, Twi.
