10 of 31
Comment Vulnerabilities (2)
uTwo types of comment tags for JSPs:
Ø<!– Remember to change the default admin password
->
Ø<%-- Admin password is Test --%>.
uUsing <%-- --%>, the compiler will remove the comment when the page is compiled.
uUsing <!-- -->, the comment will appear as part of
the generated page
ØEven if it does not appear in the rendered page in the
browser, viewing the source code
will reveal the comment.