> Hi Antonio, as I mentioned in a previous post, it's not so simple as the href attribute of s:a can legally contain javascript or vbscript.
I think that the problem with <a> in the href attribute is the double quote " character, because it will close the href attribute; then, with a greater-than symbol, you will close the <a> too, and finally you can inject any kind of JavaScript inside the page. I think that <s:a> can implement this kind of checking, no?
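
The two points raised in this thread, shown together as an added example (not code from the thread or from Struts): escaping the quote and angle-bracket characters keeps a value inside the href attribute, and a separate scheme check is needed because javascript: and vbscript: are legal href values that escaping leaves intact. The class name, method names and the list of allowed schemes are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

public class HrefAttribute {
    // Assumption: links may only use these schemes; URLs without a scheme (relative) are allowed too.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https", "mailto");

    /** Escape the characters that can end a quoted attribute value or start markup. */
    static String escapeAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Escaping does not neutralise a script scheme, so the scheme is checked separately. */
    static boolean hasAllowedScheme(String url) {
        // Browsers ignore tabs, newlines and leading control characters in URLs; drop them before checking.
        String u = url.replaceAll("[\\x00-\\x20]", "");
        int colon = u.indexOf(':');
        if (colon < 0) return true;                                // no scheme: relative URL
        for (int i = 0; i < colon; i++) {
            char c = u.charAt(i);
            if (c == '/' || c == '?' || c == '#') return true;     // colon belongs to path, query or fragment
        }
        return ALLOWED_SCHEMES.contains(u.substring(0, colon).toLowerCase(Locale.ROOT));
    }

    static String renderAnchor(String href, String label) {
        if (!hasAllowedScheme(href)) {
            throw new IllegalArgumentException("scheme not allowed in href");
        }
        return "<a href=\"" + escapeAttribute(href) + "\">" + escapeAttribute(label) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a value carrying a quote and angle brackets, then two script-scheme values.
        System.out.println(renderAnchor("list.action?name=\"><b>x</b>", "list"));
        System.out.println(hasAllowedScheme("javascript:void(0)"));
        System.out.println(hasAllowedScheme("Java\tScript:void(0)"));
    }
}
```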