Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java

2007-01-14 Thread Tim Funk
Is this screaming XSS attack? Since javadocs in getRequestURI() say ...
The web container does not decode this String

-Tim

[EMAIL PROTECTED] wrote:
> Author: markt
> Date: Sat Jan 13 18:45:48 2007
> New Revision: 496022
> URL: http://svn.apache.org/viewvc?view=rev&rev=496022
> Modified:

Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java

2007-01-14 Thread Mark Thomas
Tim Funk wrote:
> Is this screaming XSS attack? Since javadocs in getRequestURI() say ...
> The web container does not decode this String

It would be if it wasn't for line 177 of o.a.c.valves.ErrorReportValve which does:

    String message = RequestUtil.filter(response.getMessage());

Mark
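
The reply above describes output encoding at the sink: the undecoded request URI travels in the 404 message and is HTML-escaped only when the error page is rendered. An added sketch of that pattern follows; it is not part of the thread and not Tomcat's code. `ErrorPageDemo`, `escapeHtml`, `renderErrorPage` and the sample URIs are constructed for illustration, with `escapeHtml` standing in for `RequestUtil.filter`.

```java
public class ErrorPageDemo {

    // Hypothetical stand-in for RequestUtil.filter(): replaces the
    // characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String message) {
        if (message == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Sink: the only place the message reaches HTML, so the only place
    // that must encode. Callers pass the raw, undecoded request URI.
    static String renderErrorPage(int status, String message) {
        return "<html><body><h1>HTTP Status " + status + " - "
                + escapeHtml(message) + "</h1></body></html>";
    }

    public static void main(String[] args) {
        // Constructed request URIs, as getRequestURI() would return them
        // (not decoded by the container).
        String[] uris = {
            "/app/missing.jsp",
            "/app/%3Cb%3Ex.jsp",   // percent-encoded: stays inert text
            "/app/<b>x</b>.jsp",   // raw markup in the request line
            "/app/a&b\"c.jsp"
        };
        for (String uri : uris) {
            String page = renderErrorPage(404, uri);
            // No markup or bare quote from the URI may survive into the page.
            boolean clean = !page.contains("<b>") && !page.contains("\"c");
            System.out.println((clean ? "OK   " : "FAIL ") + page);
        }
    }
}
```

This escaping covers HTML text and quoted attribute values only; a message written into an unquoted attribute or a script block would need a different encoder.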

Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java

2007-01-14 Thread Tim Funk
Sweet - I thought that was the case. [But wanted to make sure.]

-Tim

Mark Thomas wrote:
> Tim Funk wrote:
>> Is this screaming XSS attack? Since javadocs in getRequestURI() say ...
>> The web container does not decode this String
>
> It would be if it wasn't for line 177 of

svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java

2007-01-13 Thread markt
Author: markt
Date: Sat Jan 13 18:45:48 2007
New Revision: 496022
URL: http://svn.apache.org/viewvc?view=rev&rev=496022
Log:
Fix bug 41327. Show full request URI for a 404. Patch provided by Vijay.
Modified:
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml