https://bz.apache.org/bugzilla/show_bug.cgi?id=58040
--- Comment #3 from Andreas Beeker <[email protected]> --- Actually I'm not sure how to fix this ...: first thought was, there might be a config option in the underlying logger, but we can't rely on it as we have different logger interfaces which some (or all?) do not provide such an option. Next thought was, to simply change the POILogger class and sanitize the CR/LFs, limit the length, but then we also might need XSS filtering. I don't like the idea of forcing html encoding in the logging class, just because the log might be viewed in a browser. So maybe we just provide another logging facade with the above features, but then should we enable it by default, by system property (which nobody realize to set it) or some heuristic ("we are running in an appserver, so we should activate xss filtering, because appserver logs are often viewed online ...")? Andi -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
