[
http://jira.codehaus.org/browse/MRM-1468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=263010#action_263010
]
Marc Jansen Tan Chua commented on MRM-1468:
-------------------------------------------
Hi,
Implementation proposal:
I seem to have noticed the lack of field validation in most of the input forms.
I will start by strengthening the field validation for those that are
vulnerable to XSS exploits. Also, I will be altering some JSP output tags, since
some of them use Struts2 output tags that do not escape the injected
scripts. The JSP native output function c:out would escape injected scripts.
Validation messages/notifications would be in property (.properties) files.
Any thoughts on this proposal?
Comments & suggestions would be much appreciated.
> Fix cross-site scripting vulnerability in Archiva.
> --------------------------------------------------
>
> Key: MRM-1468
> URL: http://jira.codehaus.org/browse/MRM-1468
> Project: Archiva
> Issue Type: Task
> Reporter: Marc Jansen Tan Chua
>
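
The two layers the comment proposes (field validation on input, escaping on output), as an added example that is not part of the original message or of Archiva's code. The class name, the allow-list pattern and the sample values are assumptions; `escapeXml` mirrors the five-character escaping that `c:out` applies by default.

```java
import java.util.regex.Pattern;

public class OutputEscapingDemo {
    // Hypothetical allow-list for an identifier-style form field
    // (an assumption for illustration, not Archiva's actual rule).
    private static final Pattern ID_FIELD = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Input side: accept only values that match the allow-list in full. */
    static boolean isValidId(String value) {
        return value != null && ID_FIELD.matcher(value).matches();
    }

    /** Output side: encode the five characters c:out escapes when escapeXml is true. */
    static String escapeXml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one well-formed value, two carrying markup.
        String[] samples = {
            "internal-releases",
            "<script>alert(1)</script>",
            "a\" onmouseover=\"x"
        };
        for (String s : samples) {
            System.out.println("input:   " + s);
            System.out.println("valid:   " + isValidId(s));
            System.out.println("escaped: " + escapeXml(s));
        }
    }
}
```

Validation rejects the two markup-bearing samples at the form, and escaping keeps any value that is rendered anyway from being parsed as HTML.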