On 17/05/18 17:43, Chris Bonk wrote:
> Hey Mark,
>
> I really appreciate your reply.
>
> I can't see anything in the revision that specifically states sanitization;
> however, my Java isn't the best nor my software development with regards to
> what a "Valve" would be responsible for. I suspect tha
Hey Mark,

I really appreciate your reply.

I can't see anything in the revision that specifically states sanitization;
however, my Java isn't the best nor my software development with regards to
what a "Valve" would be responsible for. I suspect that worrying about XSS
at that level isn't a concern.

On 17 May 2018 15:46:07 BST, Chris Bonk wrote:
>Hello,
>
>I have a strange issue: I am trying to track down the root cause for an
>ancient CVE-2006-1548
>
>http://struts.1045723.n5.nabble.com/DO-NOT-REPLY-Bug-38749-New-XSS-vulnerability-in-LookupDispatchAction-td3510079.html
>
>I can replicate the