or "executeJavascript" attribute, as I can see the usefulness
of not cleaning the data when pulling from properties files, but by default it
should clean the data.
From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Tuesday, August 18, 2009 11:19 AM
To: Redfield, Jon
Subject:
We're finishing up our first Struts 2 project (ver 2.1.6) and a security scan
has shown that the tag is vulnerable to cross site scripting because
it does not encode special characters. This feels like a bug, but is it?
We've since learned to use the scope interceptor, however there are still
2 matches
Mail list logo
