[Rabbit-dev] cross-site-scripting vulnerability

Jeff Adamson jwa at urbancode.com
Fri Mar 5 21:54:52 CET 2010


The commons-lang project does not depend upon any other Apache projects (the
pom.xml uses junit and easymock for testing but no other projects). I also
centralized all the escaping calls to a single private method "escapeHtml"
within StandardResponseHeaders so that any algorithm could be substituted
with minimal effort.

On Fri, Mar 5, 2010 at 6:47 AM, <robo at khelekore.org> wrote:

> > I did not see any mechanisms within the rabbIT codebase for escaping HTML
> > strings.  I created the following patch which makes use of the Apache
> > commons-lang 2.x project to perform the escaping.
>
> Thanks, I will take a serious look at that when I get back from
> my travelling.
>
> I try to keep external libraries to a minimum, but have no real objection
> to adding a few small things. Many of the apache projects depend on each
> other though, so that may be a problem (how does logging work with
> commons-lang? etc.)
>
> Just wait a few days and then I can give you a better answer.
>
> Many thanks.
> /robo
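A dependency-free form of the single escaping method described in the message above, as an added example that is not part of the original thread or of the rabbIT patch. The class name, the page fragment and the input string are assumptions made for illustration.

```java
// Added example, not rabbIT's code. HtmlEscapeExample and the sample page
// fragment are hypothetical; only the method name "escapeHtml" is from the thread.
public final class HtmlEscapeExample {

    // Single choke point: every untrusted value written into an HTML page goes
    // through this method, so the algorithm (hand-rolled here, or a call to
    // commons-lang StringEscapeUtils.escapeHtml) can be swapped in one place.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                // Numeric reference keeps single-quoted attribute values intact.
                // commons-lang 2.x escapeHtml leaves the apostrophe unescaped.
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a request-derived string containing markup characters.
        String untrusted = "http://example.invalid/<script>alert(1)</script>?a=1&b=\"x\"";

        // Element-content and double-quoted-attribute contexts only; values placed
        // inside <script>, style or unquoted attributes need context-specific encoding.
        String page = "<html><body><p>Could not fetch: "
                + escapeHtml(untrusted)
                + "</p></body></html>";

        // The markup characters arrive in the browser as text, not as tags:
        // ...&lt;script&gt;alert(1)&lt;/script&gt;?a=1&amp;b=&quot;x&quot;
        System.out.println(page);
    }
}
```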

