Exclude URLs
This exclude url's list is used to list all the urls that must be excluded from checking for the XSS attacks.
URL
Each URL should be relative to the context path and must start with "/".
The individual url-patterns uses the ANT style patterns for pattern matching.
By default all the urls that have the extensions namly, CSS, JS, PNG, GIF and SWF are excluded.
<exclude-url-patterns>
<url-pattern>/**/*.css</url-pattern>
<url-pattern>/**/*.js</url-pattern>
<url-pattern>/**/*.png</url-pattern>
<url-pattern>/**/*.gif</url-pattern>
<url-pattern>/**/*.swf</url-pattern>
</exclude-url-patterns>
