From 56a5ec22d04074375a1c89bd0bf42c07259cb3f0 Mon Sep 17 00:00:00 2001 From: markt Date: Fri, 11 Dec 2009 17:14:26 +0000 Subject: [PATCH] Remove docs for valve that was replaced with filter git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@889707 13f79535-47bb-0310-9956-ffa450edef68 --- webapps/docs/config/valve.xml | 41 ----------------------------------------- 1 file changed, 41 deletions(-) diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index 291c42eb0..a15e6e971 100644 --- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -583,47 +583,6 @@ -
- - - -

The HTTP specification is clear that if no character set is specified for - media sub-types of the "text" media type, the ISO-8859-1 character set must - be used. However, browsers may attempt to auto-detect the character set. - This may be exploited by an attacker to perform an XSS attack. Internet - Explorer has this behaviour by default. Other browsers have an option to - enable it.

- -

This valve prevents the attack by explicitly setting a character set. - Unless the provided character set is explicitly overridden by the user the - browser will adhere to the explicitly set character set, thus preventing the - XSS attack.

- -

This Valve may be used at the Engine, Host or - Context level as required. Normally, this Valve would be used - at the Engine level.

- - - - - -

The Add Default Character Set Valve supports the - following configuration attributes:

- - - - -

Java class name of the implementation to use. This MUST be set to - org.apache.catalina.valves.AddDefaultCharsetValve.

- - - - - - -
- -
-- 2.11.0