-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 11/16/12 3:29 PM, André Warnier wrote: > .. "if your [sic, apologies] are not using > HttpServletResponse#encodeRedirectURL(String) or > HttpServletResponse#encodeURL(String) in your application, then > this filter would be unnecessary".. I think if you replaced "unnecessary" with "ineffective" then you're closer to your intended meaning. To me, "unnecessary" implies that the application is safe and the filter would not add anything when the truth is that the application's safety is irrelevant and that adding the filter will not protect it. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCoSLQACgkQ9CaO5/Lv0PBKYACgheqBq7b9N3R0Lz4H9I6DEKqy +0YAoJUaVckkX37Rfa8Xs0atMmRQ3v0U =DxZM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org