Yes. That is the location of the finding. And yes, using textContent
property should resolve the finding.
On Monday, December 7, 2015 at 3:44:14 AM UTC-5, Thomas Mueller wrote:
>
> Hi,
>
> data.zip contains all resources (javascript files, html files, error
> messages and so on). It is generated by the build. It is not OK to remove
> it.
>
> I would rather fix the problem, could you tell us what exactly is the
> problem with tools.jsp? My guess is the problem is this line:
>
> document.getElementById('toolName').innerHTML = name;
>
> I guess we should use innerText instead of innerHTML here.
>
> Regards,
> Thomas
>
> On Thu, Dec 3, 2015 at 3:19 AM, <[email protected] <javascript:>> wrote:
>
>> In the compiled jar, there is a data.zip file location in org\h2\util\.
>> In data.zip, there is a tools.jsp file that has a dom-xss finding flagged
>> by Fortify tool.jsp. Wondering if data.zip is just a sample since the
>> source jar doesn't have a data.zip file. Can anyone confirm if data.zip is
>> okay to manually remove from the compiled jar?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "H2 Database" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> Visit this group at http://groups.google.com/group/h2-database.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
