Re: Interceptor

2010-02-19 Thread John Orr
Yes, I think this is exactly the issue raised in my last post. Your result is being processed before the lines that follow the action invocation. Insert a PreResultListener and it can do the job of updating. (BTW, your method is called interceptor() but it should be Intercept() - I'm guessing that

Re: Interceptor

2010-02-19 Thread John Orr
I think this case gets a little more complicated because you want the timer data to be available to your result. If you simply wait for your call to ActionInvocation.invoke() to return, then your result will already have been processed. So you need to use your interceptor to set a PreResultListener

Re: XSS vulnerability with

2010-02-19 Thread John Orr
e the text may contain
> formatting tags and what you really want is to just escape the
> parameters.
>
>
> On Thu, Feb 18, 2010 at 5:25 PM, John Orr wrote:
>> This is my first posting to this list, so excuse me if this is an
>> issue that's already been address

XSS vulnerability with

2010-02-18 Thread John Orr
This is my first posting to this list, so excuse me if this is an issue that's already been addressed. My concern is with the XSS vulnerability in the following use case: It seems (Struts 2.1.8.1) that there is no mechanism in s:text or s:param to do HTML escaping. If param1 contains user i