-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Konstantin,
On 2/7/13 5:19 AM, Konstantin Kolinko wrote: > Any other web application that wants to use this feature has to > configure this filter explicitly and must pass all important URLs > through HttpServletResponse.encodeURL(). Web applications should always pass URLs through HttpServletResponse.encodeURL (or HttpServletResponse.encodeRedirectURL), whether they are important or not ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlETxLUACgkQ9CaO5/Lv0PBFEwCgtojPQrWpGVKV31/FoFTvi8ED YV0AoInnwL6wRvtoY4Q3cJyR7ndbxMoF =u1Rq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
