I just tried this with the CVS HEAD of Tomcat 5 (after putting in a security-constraint in the ROOT web.xml) and Tomcat happily returned a 403 response.
I don't care about this lame XSS bug. However, what you describe doesn't work for me.
--
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Senior Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
