File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Cross site scripting Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Reply Bookmark "Cross site scripting" Watch "Cross site scripting" New topic
Author

Cross site scripting

Elinor Chang
Ranch Hand

Joined: Jul 30, 2003
Posts: 58
posted private message
0
Quote
The web application I worked on lately just got deployed onto tomcat 4.1.27. We found out the problem of the cross site scripting on the tomcat later. Is there anyone can help to find out how to fix the security problem?
Thanks
Elinor

The more I learn, the less I know....<br /> <br />SCJP2 <br />SCWCD
Elinor Chang
Ranch Hand

Joined: Jul 30, 2003
Posts: 58
posted private message
0
Quote
Seems no one is interested in this topic. Just FYI
I looked into this myself to find tomcat v4.1.28 has already fixed the problem. v4.1.28 and Tomcat 5 use a new version of Coyote connector, which implements HTTP 1.1. The new HTTP changes the HTTP header info when sending response back to web browswer. You can find details from any HTTP 1.1 document.
 
IntelliJ Java IDE
 
subject: Cross site scripting
 
Threads others viewed
Avoid Cross site scripting in Jsp
where to implement cross site scripting and how ?
XSS attack - prevention - AJAX ?
Cross-site scripting attacks
about URLEncoding
IntelliJ Java IDE