There is no issue. If there is a typo in the developer code, there is a
typo in the code. And sometimes typos cause security issues. As a
general rule, any code which is user provided should validated and
output escaped.
This is a topic which should be discussed on the user list.
-Tim
On 9/15/2010 2:36 PM, Michael Coates wrote:
Tomcat list,
It seems to me that the method used to request parameters from an
included jsp file should not "fail over" to the URL if the jsp:include
does not provide the parameter.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
