2008/1/12, GF <[EMAIL PROTECTED]>:
> <s:url id="xssTest" action="test" namespace="/test" encode="true" />
> <s:a href="%{xssTest}">XSS Test</s:a>
> ...
> http://localhost:8080/struts2-blank-2.0.11/example/XSS.jsp?
> >'"><script>alert(document.cookie)</script>Fabio, one little question. I don't see how this code can write the parameter passed to the JSP page. Probably you pasted the wrong code in the <s:url> part. Ciao Antonio --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
