Hi, This may be a silly question, but is it correct to say that the struts 2 output encoding is handled by the template type rendering engine. (for example, the ?html or in freemarker) other than some special cases such as the UIBean.ensureAttributeSafelyNotEscaped()?
If this is the case, what about the other template types such as javatemplates? I'm trying to cover XSS issues in my jquery ajax plugin. - Eric
