xss

XSS patch for Tomcat, Jetty and Glassfish

In case you didn't know, any JSP page that writes user-supplied data through a bare EL expression such as ${foobar} is inherently vulnerable to cross-site scripting: the container emits the value verbatim, with no HTML escaping (unlike <c:out>, which escapes by default). The 10-second Intro To The Joy Of XSS goes a little like this: go to some data input form. Enter <script>window.location.href='http://badguys.com'<…
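To make the sink concrete, here is an added example (my own code, not the patch this post describes) that shows the vulnerable JSP fragment beside its JSTL-escaped form, and reproduces the escaping that <c:out> and fn:escapeXml apply so the effect can be checked outside a servlet container. The class name, the renderRaw/renderEscaped helpers and the attacker payload are all constructed for illustration.

```java
// Added example, not the patch from this post. Shows why a raw ${...} in a JSP
// is an XSS sink and what the escaped output should look like.
//
// Vulnerable JSP fragment (EL output is NOT escaped by the container):
//     <p>Hello, ${param.name}</p>
//
// Hardened JSP fragments (JSTL escapes '<', '>', '&', '\'' and '"'):
//     <%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
//     <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
//     <p>Hello, <c:out value="${param.name}"/></p>
//     <p>Hello, ${fn:escapeXml(param.name)}</p>
//
// The class below reproduces the escaping that c:out / fn:escapeXml perform
// (same five characters, same entities as the JSTL spec).
public class ElXssDemo {

    /** HTML-escape the five characters that can break out of text or attribute context. */
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** What the container emits for <p>Hello, ${param.name}</p>: the value verbatim. */
    static String renderRaw(String name) {
        return "<p>Hello, " + name + "</p>";
    }

    /** What the container emits for <p>Hello, <c:out value="${param.name}"/></p>. */
    static String renderEscaped(String name) {
        return "<p>Hello, " + escapeXml(name) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for a form field an attacker controls
        // (hypothetical host, not a real site).
        String payload = "<script>window.location.href='http://attacker.example/'</script>";
        System.out.println(renderRaw(payload));      // script tag lands in the page as markup
        System.out.println(renderEscaped(payload));  // browser renders it as inert text
    }
}
```

Compile and run it with javac/java and compare the two lines: the first is what a page using a bare ${param.name} sends to the browser, the second is what <c:out> would send. Escaping the output at the point where it is written into HTML is the fix; filtering on input alone is not, because the same value may reach the page through another path.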