Even if a malicious header was written into the request, from ...
let's say, a redirect or something else, the HtmlTag does not parse
any headers so there's no way to inject a bad value for Accept-
Language. And even if you were able to spoof the header, Struts
looks inside the request to get the users Locale. So, if there is an
XSS vulnerability with respect to accept-lang, it would be due to a
broken container and not from a broken framework.
So, from everything I can see, this is invalid.
--
James Mitchell
678.910.8017
On Nov 13, 2006, at 11:46 PM, otsuka wrote:
The value of "lang" attribute which <html:html> tag generates is
not escaped. I think it could cause XSS problem If Accept-Language
HTTP header's value is replaced with <script> tag.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
