it can expose to the client server data since it doesn't pass through servlet layer even when expected (jsp typically). Sure I introduced it but it has to be reworked a bit (not yet sure how).
Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-09-15 9:54 GMT+02:00 Andy Gumbrecht <[email protected]>: > Can you be more specific? This was a change made by you, so why introduce > something that you would -1 ? > > Andy. > > On 14/09/2014 21:54, Romain Manni-Bucau wrote: >> >> >> 1339 opens the door to some security issues, not sure it does worth a -1 >> > > -- > Andy Gumbrecht > https://twitter.com/AndyGeeDe > http://www.tomitribe.com >
