Posted to dev@velocity.apache.org by GitBox <gi...@apache.org> on 2020/10/23 14:44:30 UTC

[GitHub] [velocity-tools] mkienenb commented on pull request #9: Fixed Reflected XSS Vuln

mkienenb commented on pull request #9:
URL: https://github.com/apache/velocity-tools/pull/9#issuecomment-715386248


@michael-o As I stated privately, removing the catch clause will not fix the issue -- that's not the catch that's triggered, and it'll break backwards compatibility (expected behavior). Nor will it fix the problem for anyone who may be calling error from a subclass.

@JHHAX's simple fix which escapes path is the correct one to use.

