I seem to have successfully pushed Struts in my company (a big Wall
St. bank). However, today, I was asked the following question:
How can I guarantee that there are no hacks, bombs, etc. in the
Struts code or any OS code for that matter?
My immediate response was, how can you
David Graham wrote:
The struts-config_1_1.dtd file starts with this line:
?xml version=1.0 encoding=ISO-8859-1?
which I think is incorrect. DTDs aren't xml documents so
they shouldn't start with that processing instruction.
I'm not an XML expert but Sun's DTDs don't have this line