what is data.zip

[nian....@gmail.com]

In the compiled jar, there is a data.zip file location in org\h2\util\.  In data.zip, there is a tools.jsp file that has a dom-xss finding flagged by Fortify tool.jsp.  Wondering if data.zip is just a sample since the source jar doesn't have a data.zip file.  Can anyone confirm if data.zip is okay to manually remove from the compiled jar?

[Thomas Mueller]

Hi,

data.zip contains all resources (javascript files, html files, error messages and so on). It is generated by the build. It is not OK to remove it.

I would rather fix the problem, could you tell us what exactly is the problem with tools.jsp? My guess is the problem is this line: 

    document.getElementById('toolName').innerHTML = name;

I guess we should use innerText instead of innerHTML here.

Regards,

Thomas

On Thu, Dec 3, 2015 at 3:19 AM, <nian....@gmail.com> wrote:

In the compiled jar, there is a data.zip file location in org\h2\util\.  In data.zip, there is a tools.jsp file that has a dom-xss finding flagged by Fortify tool.jsp.  Wondering if data.zip is just a sample since the source jar doesn't have a data.zip file.  Can anyone confirm if data.zip is okay to manually remove from the compiled jar?

--
You received this message because you are subscribed to the Google Groups "H2 Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to h2-database...@googlegroups.com.
To post to this group, send email to h2-da...@googlegroups.com.
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.

[nian....@gmail.com]

Yes. That is the location of the finding.  And yes, using textContent property should resolve the finding.

[Nian Daemon]

@Thomas

How do I request the code change?