On Jan 18, 2006, at 11:24 AM, Jeff Genender wrote:
So assuming this appears to be somewhat "examples" related, is this truly a container problem, or just the jsp examples implementation?
IANASE, but it seems that any vulnerabilities must be fixed in the apps themselves -- certainly seems like the only course of action for G 1.0.1. I'm currently aware of problems with samples and the admin console.
Apps must insure they return appropriate content to clients. I don't see how a container could provide general XSS protection... I'm sure there are people who know much more than I on the topic...
--kevan
