Look in the web.xml in the conf directory and use the trimSpaces parameter.

<servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param>
        <param-name>trimSpaces</param-name>
        <param-value>true</param-value>
    </init-param>
    ...


Mark


On 8 Sep 2004, at 20:00, Peter Lin wrote:

well I don't consider that a security issue. just because you know
someone is using jsp tags, it doesn't mean you know how the whole
architecture works. The only thing it tells a competitor is that it is
feasible to use jsp tags.

beyond that, all the important and interesting stuff is what makes an
impact on how well a site works and performs.

but I could be wrong.

peter


On Wed, 08 Sep 2004 10:55:28 -0700, Brad Neuberg <[EMAIL PROTECTED]> wrote:
At 10:49 AM 9/8/2004, you wrote:
it is not on by default due to spec issues. for tomcat to be strictly
compliant, by default it should not strip the extra carriage returns.

If you search the mailing list back to 2001-2002, you see there was
lots of discussion about it. the funny thing is, it also makes it easy
to tell when a website uses jsp tags.


that's an easy way to figure out if a website is using a servlet
container and jsp tags.

That seems like a security issue to me. You can fingerprint a remote site
and determine what technology they are using, even if they have taken steps
to hide the JSP ending from their files.


Brad

peter


On Wed, 08 Sep 2004 10:45:00 -0700, Brad Neuberg <[EMAIL PROTECTED]> wrote:
Yoav, thanks; this works. One question; why isn't this true by default?

Brad

At 09:56 AM 9/8/2004, you wrote:

Hi,
trimSpaces at
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jasper-howto.html.

Yoav Shapira
Millennium Research Informatics




--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
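
The whitespace effect discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a simplified Python model of how whitespace-only template text between JSP directives reaches the response, with and without trimSpaces, plus a counter you can run over a rendered page from your own application. The function names and the sample JSP are constructed, and the model assumes trimSpaces drops only template text that is entirely whitespace; it handles `<%@ ... %>` directives and `<%-- ... --%>` comments, not the full JSP grammar.

```python
import re

# JSP directives (<%@ ... %>) and JSP comments (<%-- ... --%>) write nothing
# to the response themselves; only the template text around them is emitted.
_SILENT_TAG = re.compile(r"<%@.*?%>|<%--.*?--%>", re.DOTALL)

# Constructed sample page: two directives and a comment, one per line.
SAMPLE_JSP = (
    '<%@ page contentType="text/html" %>\n'
    '<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>\n'
    '<%-- header comment --%>\n'
    '<html>\n<body>hello</body>\n</html>\n'
)


def render(jsp_source, trim_spaces=False):
    """Simplified model: emit the template text found between silent tags.

    Assumption of this model: with trim_spaces=True, a template-text node
    is dropped only when it consists entirely of whitespace.
    """
    out = []
    for text in _SILENT_TAG.split(jsp_source):
        if trim_spaces and text.strip() == "":
            continue  # whitespace-only node between two tags: not emitted
        out.append(text)
    return "".join(out)


def leading_blank_lines(body):
    """Count whitespace-only lines that precede the first real content."""
    count = 0
    for line in body.split("\n"):
        if line.strip():
            break
        count += 1
    return count


if __name__ == "__main__":
    for flag in (False, True):
        body = render(SAMPLE_JSP, trim_spaces=flag)
        print(f"trimSpaces={flag}: {leading_blank_lines(body)} leading blank line(s)")
```

In this model the newline attached to the first real content survives even with trimming on, because that text node is not whitespace-only; put the first markup on the same line as the last directive if the response must start with no blank line at all.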
