On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote: > > Hi Ganfab > Are you suggesting the href contents disable javascript to disable XSS script > attacks?Martin
No, I think that maybe can be useful to think if doing some checks to href attribute of <s:a> is possible to look for double quotes characters that can eventually close the attribute and tag. When someone uses javascript inside the href a the XHTML <a> it's common to not use double quotes (and use single quotes) because double quotes would close the href attribute. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
