Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread Jeromy Evans
Dave Newton wrote: --- GF <[EMAIL PROTECTED]> wrote: Some time ago I noticed that JavaScript was removed in the pages linked by is this your case too? http://struts.apache.org/2.x/docs/dojo-div.html executeScripts d. http://struts.apache.org/2.x/docs/dojo-div.html separateScript

Re: Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread Jeromy Evans
I don't think this is a critical problem sheerly because of the high prevalence of such vulnerabilities means some of the responsibility falls on the developer to not trust user-entered data. The specific vulnerability is that when includeParams != none, the request URL was rendered unmodified w

Re: struts 2.1 release date

2008-01-12 Thread Ted Husted
I don't believe 2.1.0 is going to be rated more than a test-build. Usually, we start with a test-build, and then vote whether to release the build as a beta. If the feedback is good, we might then raise the quality of that version to General Availability. Hopefully, this will happen with 2.1.1 (tho

Re: Struts2 actions' extension

2008-01-12 Thread Filipe David Manana
Yes, I use Tomcat 5.5. Where in tomcat do I configure directories not handled with mod_jk? By the way, is there a Struts2 config only? thank you On Jan 12, 2008 6:56 PM, GF <[EMAIL PROTECTED]> wrote: > If you are using apache+tomcat, you can place static file in a > directory not handled with m

Re: Struts 2.0.9 + Dojo

2008-01-12 Thread Starshy
Hi! Thanks a lot for your answers. I'll try to use your conclusions. Good luck! Starshy

Re: struts 2.1 release date

2008-01-12 Thread Frans Thamura
Hi there, how about the 2.1 beta? Will we get it? F

Re: Progress Bar

2008-01-12 Thread GF
Well, I think you should keep on the server some tracking of the complete percentile of the task. Then with some ajax you periodically ask the server for the task status and update the html page. Just an idea. On Jan 11, 2008 10:14 PM, fea jabi <[EMAIL PROTECTED]> wrote: > > Working a process which

Re: Struts2 actions' extension

2008-01-12 Thread GF
If you are using apache+tomcat, you can place static file in a directory not handled with mod_jk On Jan 12, 2008 6:28 PM, Filipe David Manana <[EMAIL PROTECTED]> wrote: > Hi, > > I have set the property struts.action.extension to the empty string. I can > now invoke my actions with the default ".a

Re: Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread GF
Of course, to raise this security issue, the includeParams attribute parameter of

Re: Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread GF
The javascript is executed using Internet Explorer 6 with all of its patches installed. The exact query string to do an XSS attack is this >'">alert(document.cookie) However I think the problem is not browser related, if you use wrote: > What browser are you using, and what's the exact query str

Struts2 actions' extension

2008-01-12 Thread Filipe David Manana
Hi, I have set the property struts.action.extension to the empty string. I can now invoke my actions with the default ".action" suffix, although I have a problem: css files (ending in .css) and javascript (.js) are no longer accessible to the client. How can I fix this? cheers -- Filipe David

Re: Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread Dave Newton
What browser are you using, and what's the exact query string being used? I'm having issues duplicating this. d. --- Antonio Petrelli <[EMAIL PROTECTED]> wrote: > 2008/1/12, GF <[EMAIL PROTECTED]>: > > http://localhost:8080/struts2-blank-2.0.11/example/XSS.jsp? > > >'">alert(document.cookie) >

Re: Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread Antonio Petrelli
2008/1/12, GF <[EMAIL PROTECTED]>: > http://localhost:8080/struts2-blank-2.0.11/example/XSS.jsp? > >'">alert(document.cookie) > > I tested this .jsp inside the 2.0.11 blank application. > I think it's a severe problem, because every Struts2 website using > this way

Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread Johannes Geppert
I already use the executeScripts parameter but there is no effect. The scripts are removed from my result. newton.dave wrote: > > --- Johannes Geppert <[EMAIL PROTECTED]> wrote: >> yes all

Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread Dave Newton
--- Johannes Geppert <[EMAIL PROTECTED]> wrote: > yes all

Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread Dave Newton
--- GF <[EMAIL PROTECTED]> wrote: > Some time ago I noticed that JavaScript was removed in the pages linked by > is this your case too? http://struts.apache.org/2.x/docs/dojo-div.html executeScripts d.

Exception handling

2008-01-12 Thread Zhang, Larry (L.)
Since Struts offers an exception Handler (org.apache.struts.action.ExceptionHandler), then I got a question: in my action, should I try and catch the exception (in the execute's method) that may be thrown in business layer and forward to an ActionForward? Or don't do any try and catch in the act

Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread Johannes Geppert
yes all

Re: [S2] No JavaScript in TabbedPanel

2008-01-12 Thread GF
Some time ago I noticed that JavaScript was removed in the pages linked by is this your case too? On Jan 12, 2008 12:34 PM, Johannes Geppert <[EMAIL PROTECTED]> wrote: > > Hello, > > I have a Tabbed Panel and will execute JavaScript in the div Tabs. > But the Scripts will not be executed, I use the

[S2] No JavaScript in TabbedPanel

2008-01-12 Thread Johannes Geppert
Hello, I have a Tabbed Panel and will execute JavaScript in the div Tabs. But the Scripts will not be executed, I use the parameter executeScripts="true". My TabbedPanel looks like this: images/indicator.gif images/indicator.gif Is a JavaScript like the one in the ShowCase.

Feedback: WW-2414, XSS attack is possible if using and

2008-01-12 Thread GF
I posted this bug report on the issue tracker: https://issues.apache.org/struts/browse/WW-2414 In simple words, if you use to build an url that is used with the HTML written out will not have the "querystring" encoded, and this leads to very dangerous XSS attacks. <%@ page language="java" cont

Re: Secure ajax call using prototype to a struts action ....

2008-01-12 Thread nuwan chandrasoma
Hi, what is the port number you have configured to run SSL in your server? If it's other than 443 you need to specify it in your URL. Try to see if your URL is working without ajax. If you like, have a look at this plugin http://code.google.com/p/struts2-ssl-plugin/ Thanks, Nuwan On 1/11/08