Re: Make ${} operator XSS safe in Struts 2 (same as tapestry)

2014-04-29 Thread Lukasz Lenart
2 operator http://stackoverflow.com/questions/23365225/make-operator-xss-safe-in-struts-2-same-as-tapestry Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/

Make ${} operator XSS safe in Struts 2 (same as tapestry)

2014-04-29 Thread Alireza Fattahi
Hi, As mentioned in http://www.disasterarea.co.uk/blog/xss-vulnerabilities-in-web-frameworks-2/ the ${} is not XSS safe in Struts 2 while it is safe in Tapestry 5. I am not a Tapestry guy, but I want to know if the above is correct. As far as I know the ${} is part of JSTL and it does not depend on a