Compiled by kytv from plugins.i2p
todo: implementation

another escape html

Disable clients.config editing in UI
Strip single quotes too
Fix double-escaping in susimail folder page

Don't return null entries in getParameterValues() array
Log in getParameterValues() too
static

Add filter to all webapps

  XSSFilter patch from str4d:
  XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
  No provided license, but it is clearly intended for public consumption.
  But most of it is boilerplate provided by the Servlet Filter system.
  In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist,
  it is effectively identical to what I would have written from scratch.

  - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files

Notes: Only HTTPS and SU3 (v2) support.

   http://forum.i2p/viewtopic.php?t=11469

   log fixes

   prevent slowdowns or stalls

far too often. Need to fix that first.

(thanks to SeekingFor for the heads-up)

- final
- last week's history