Summary: | StandardHostValve.status unnecessarily HTML-escapes the error message | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | Roland Illig <roland.illig> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | ErrorMessage |
Priority: | P2 | ||
Version: | 6.0.18 | ||
Target Milestone: | default | ||
Hardware: | All | ||
OS: | All |
Description
Roland Illig
2009-04-19 01:59:15 UTC
I fixed this for trunk as I can't see any negative security (XSS) impact. I'll leave it a little while before proposing for backport in case others see something I missed. This has been fixed in 6.0.x and will be included in 6.0.21 onwards. |