Comment 23 for bug 1659124

Can anyone see any adverse affects to adding angle brackets to the whitelist? I have a customer that is using unencoded angle brackets around their session IDs in the URL which they can't change at this point and the CVE fix broke their application. If there aren't any adverse affects I'll add them to the list for my distribution, and to tomcat if anyone else needs them.