=== On 2015-10-02T19:13:58Z Ann Campbell Wrote:
\[~nicolas.peru], I know we're not ready to check ``++web.xml++`` yet, but when we are...

=== On 2016-03-04T12:32:16Z sytze van koningsveld Wrote:
scrubbing sounds like blacklisting, which is different from true validation (white listing), so maybe a misnomer. The "validation filter" should not replace true valdation, typically done in controllers.

=== On 2018-03-19T09:56:33Z Sébastien GIORIA - AppSecFR Wrote:
I might tag this OWASP A6:2017 and not A1:2017. This is not a injection, more a configuration problem

=== On 2018-03-20T07:22:40Z Freddy Mallet Wrote:
I tend to agree with [~SPoint]. [~alexandre.gigleux] would you be confortable with this change ? Thanks

=== On 2018-03-20T08:16:15Z Alexandre Gigleux Wrote:
I agree [~freddy.mallet] / [~SPoint] and I applied the suggested change.