[Rabbit-dev] cross-site-scripting vulnerabiltiy
robo at khelekore.org
robo at khelekore.org
Fri Mar 5 12:47:39 CET 2010
> I did not see any mechanisms within the rabbIT codebase for escape html
> strings. I created the following patch which makes use of the Apache
> commons-lang 2.x project to perform the escaping.
Thanks, I will take a serious look at that when I get back from
my travelling.
I try to keep external libraries to a minimum, but have no real objection
to adding a few small things. Many of the apache projects depend on each
other though, so that may be a problem (how does logging work with
commons-lang? etc.)
Just wait a few days and then I can give you a better answer.
Many thanks.
/robo
More information about the Rabbit-dev
mailing list