DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38749>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38749 ------- Additional Comments From [EMAIL PROTECTED] 2006-02-22 16:12 ------- I agree we should fix this. We had a similar thing recently and not all servlet containers we're affected - it depended on whether the container filtered the output from the exception: http://wiki.apache.org/struts/StrutsXssVulnerability As a workaround in the meantime you have a few options: 1) Configure a Struts exception handler 2) Configure a custom error page for your servlet container 3) Have a custom LookupDispatchAction overriding the getLookupMapName() method: protected String getLookupMapName(HttpServletRequest request, String keyName, ActionMapping mapping) throws ServletException { try { super.getLookupMapName(request, keyName, mapping); } catch (Exception e) { log.error("LookupDispatchAction error " + e); throw new ServletException("Error in LookupDispatchAction"); } } -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]