Jon mentioned a rule I had forgotten about, that you don't want web error reports to contain data that is sent to the server. For example, a hostile client could send data into the server which is then formatted in an output, tricking the human client to do something.
Jon mentioned a rule I had forgotten about, that you don't want web error reports to contain data that is sent to the server. For example, a hostile client could send data into the server which is then formatted in an output, tricking the human client to do something.