Thread: Xss

  1. #1
    Join Date
    Dec 2006
    Posts
    25

    Xss

    Hi

    I've been testing Spring Roo by following some tutorials, just to get the hang of it. But I noticed that the scaffolded, generated web application doesn't encode its output and is therefore highly vulnerable to XSS attacks.

    Why isn't the output encoded?

    /Markus

  2. #2
    Join Date
    Dec 2009
    Posts
    12

    https://jira.springsource.org/browse/ROO-512

    Stefan Schmidt added a comment - 12/Jan/10 06:31 PM

    I'll go ahead and mark this issue as resolved. The change to list.jspx and show.jspx will be available in the Roo 1.0.1 release.
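
An added illustration of the output encoding this thread is about, for a JSPX list view. It is not the actual ROO-512 change and not code from either poster; the `pets` collection and its `name` field are hypothetical.

```jsp
<div xmlns:c="http://java.sun.com/jsp/jstl/core"
     xmlns:fn="http://java.sun.com/jsp/jstl/functions"
     xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
  <jsp:directive.page contentType="text/html;charset=UTF-8"/>

  <!-- Hypothetical model attribute "pets": a list of entities with a "name" field -->
  <table>
    <c:forEach items="${pets}" var="pet">
      <tr>
        <!-- Unencoded: EL in template text is written to the response as-is,
             so markup stored in the field is rendered as markup by the browser -->
        <td>${pet.name}</td>

        <!-- Encoded: c:out escapes <, >, &, ' and " by default (escapeXml="true") -->
        <td><c:out value="${pet.name}"/></td>

        <!-- Encoded inside an attribute value, using the JSTL function
             because the expression sits inside another element's attribute -->
        <td><input type="text" readonly="readonly" value="${fn:escapeXml(pet.name)}"/></td>
      </tr>
    </c:forEach>
  </table>
</div>
```

Both encoded forms cover HTML element content and quoted attribute values only; values placed into JavaScript or URLs need encoding for that context instead.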
