Currently Being Moderated
On the error page when Hyperic allows the user to see a stack trace, the application outputs the stack trace verbatim without running it through a sanitizer. For instance, one line of a recent stack trace I had has the line:
org.hyperic.hq.appdef.shared.AppdefEntityID.<init>(AppdefEntityID.java:105)
The <init> in this only shows up in an HTML View Source, not in the browser window. This is because the browser is interpreting this as a tag! Luckily that's not a tag that causes any issues, but naturally there could be anything in there from something that would mess up rendering to a potential security vulnerability via a XSS attack.
Java should have some native web sanitizers this can be (needs to be!) streamed through.
Eric
VMTN Forums
Blogs
Twitter
Facebook
Google+
LinkedIn
YouTube
Groups 
Podcasts
vSphere
Fusion
Workstation
Cloud Cred
