Hi,
This may be a silly question, but is it correct to say that the struts 2
output encoding is handled by the template type rendering engine. (for
example, the ?html or  in freemarker) other than some
special cases such as the UIBean.ensureAttributeSafelyNotEscaped()?

If this is the case, what about the other template types such as
javatemplates?

I'm trying to cover XSS issues in my jquery ajax plugin.

- Eric

Reply via email to