Apache
/
lucene
mirror of https://github.com/apache/lucene.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

document the HTML escape fix for the JSP example 

git-svn-id: https://svn.apache.org/repos/asf/lucene/java/trunk@150617 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Daniel Naber 2004-10-18 22:30:15 +00:00
parent 1aa4ae4a31
commit 3b15d36d38
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES.txt
View File

@ -102,6 +102,12 @@ $Id$
low-frequency terms, where the cost of dictionary lookup can be low-frequency terms, where the cost of dictionary lookup can be
significant. (cutting) significant. (cutting)
23. The JSP demo page (src/jsp/results.jsp) now properly escapes error
messages which might contain user input (e.g. error messages about
query parsing). If you used that page as a starting point for your
own code please make sure your code also properly escapes HTML
characters from user input in order to avoid so-called cross site
scripting attacks. (Daniel Naber)
1.4.1 1.4.1