
  • XSS

    Hi

    I've been testing Spring Roo by following some tutorials just to get the hang of it. But I noticed that the scaffolded, generated web application doesn't encode its output and is therefore highly vulnerable to XSS attacks.

    Why isn't the output encoded?

    /Markus

  • #2
    https://jira.springsource.org/browse/ROO-512

    Stefan Schmidt added a comment - 12/Jan/10 06:31 PM

    I'll go ahead and mark this issue as resolved. The change to list.jspx and show.jspx will be available in the Roo 1.0.1 release.
