On 10/03/2024 10:50, Greg Huber wrote:
Hello,
Using http://tomcat/manager-app/text/reload?path=/
When I reload an application (in java), I get a reply
OK - Reloaded application at context path [/]
but when the application is not present I get this reply:
FAIL - No context exists named [/]
Is it intentional that the fail shows the ascii code rather than the
slash like on the OK?
Yes.
If the provided context exists then we know that the name is HTML safe
since all valid context names are HTML safe. In this case there is no
escaping.
If the context does not exist then the provided content name may not be
HTML safe (it could be a deliberate XSS attempt) hence it is escaped.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
