--- /dev/null
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE document [
+ <!ENTITY project SYSTEM "project.xml">
+]>
+<document url="filter.html">
+
+ &project;
+
+ <properties>
+ <title>Container Provided Filters</title>
+ </properties>
+
+<body>
+
+
+<section name="Introduction">
+
+ <p>Tomcat provides a number of <strong>Filters</strong> which may be
+ configured for use with all web applications using
+ <code>$CATALINA_BASE/conf/web.xml</code> or may be configured for individual
+ web applications by configuring them in the application's
+ <code>WEB-INF/web.xml</code>. Each filter is described below.</p>
+
+ <blockquote><em>
+ <p>This description uses the variable name $CATALINA_BASE to refer the
+ base directory against which most relative paths are resolved. If you have
+ not configured Tomcat for multiple instances by setting a CATALINA_BASE
+ directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME,
+ the directory into which you have installed Tomcat.</p>
+ </em></blockquote>
+
+</section>
+
+
+<section name="Add Default Character Set Filter">
+
+ <subsection name="Introduction">
+
+ <p>The HTTP specification is clear that if no character set is specified for
+ media sub-types of the "text" media type, the ISO-8859-1 character set must
+ be used. However, browsers may attempt to auto-detect the character set.
+ This may be exploited by an attacker to perform an XSS attack. Internet
+ Explorer has this behaviour by default. Other browsers have an option to
+ enable it.</p>
+
+ <p>This filter prevents the attack by explicitly setting a character set.
+ Unless the provided character set is explicitly overridden by the user the
+ browser will adhere to the explicitly set character set, thus preventing the
+ XSS attack.</p>
+
+ </subsection>
+
+ <subsection name="Filter Class Name">
+
+ <p>The filter class name for the Add Default Character Set Filter is
+ <strong><code>org.apache.catalina.filters.AddDefaultCharsetFilter</code>
+ </strong>.</p>
+
+ </subsection>
+
+ <subsection name="Initialisation parameters">
+
+ <p>The Add Default Character Set Filter does not support any initialization
+ parameters</p>
+
+ </subsection>
+
+</section>
+
+
+</body>
+
+
+</document>
+++ /dev/null
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!DOCTYPE document [
- <!ENTITY project SYSTEM "project.xml">
-]>
-<document url="filter.html">
-
- &project;
-
- <properties>
- <title>Container Provided Filters</title>
- </properties>
-
-<body>
-
-
-<section name="Introduction">
-
- <p>Tomcat provides a number of <strong>Filters</strong> which may be
- configured for use with all web applications using
- <code>$CATALINA_BASE/conf/web.xml</code> or may be configured for individual
- web applications by configuring them in the application's
- <code>WEB-INF/web.xml</code>. Each filter is described below.</p>
-
- <blockquote><em>
- <p>This description uses the variable name $CATALINA_BASE to refer the
- base directory against which most relative paths are resolved. If you have
- not configured Tomcat for multiple instances by setting a CATALINA_BASE
- directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME,
- the directory into which you have installed Tomcat.</p>
- </em></blockquote>
-
-</section>
-
-
-<section name="Add Default Character Set Filter">
-
- <subsection name="Introduction">
-
- <p>The HTTP specification is clear that if no character set is specified for
- media sub-types of the "text" media type, the ISO-8859-1 character set must
- be used. However, browsers may attempt to auto-detect the character set.
- This may be exploited by an attacker to perform an XSS attack. Internet
- Explorer has this behaviour by default. Other browsers have an option to
- enable it.</p>
-
- <p>This filter prevents the attack by explicitly setting a character set.
- Unless the provided character set is explicitly overridden by the user the
- browser will adhere to the explicitly set character set, thus preventing the
- XSS attack.</p>
-
- </subsection>
-
- <subsection name="Filter Class Name">
-
- <p>The filter class name for the Add Default Character Set Filter is
- <strong><code>org.apache.catalina.filters.AddDefaultCharsetFilter</code>
- </strong>.</p>
-
- </subsection>
-
- <subsection name="Initialisation parameters">
-
- <p>The Add Default Character Set Filter does not support any initialization
- parameters</p>
-
- </subsection>
-
-</section>
-
-
-</body>
-
-
-</document>
<item name="Realm" href="realm.html"/>
<item name="Resources" href="resources.html"/>
<item name="Valve" href="valve.html"/>
- <item name="Filters" href="filters.html"/>
+ <item name="Filter" href="filter.html"/>
</menu>
<menu name="Cluster Elements">
projects / tomcat7.0 / commitdiff