Have you found a solution for this? I am having the same issue. We use a security program to scan our web applications, and the program is giving us a warning saying that this is a cross site scripting security issue with high severity.
I am using 3.5.1 too. Is there a way to disable the JSON output when this error happens? I believe this will make the javascript not to show in the browser. Thank you, -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
