śr., 24 cze 2026 o 11:31 Greg Huber <[email protected]> napisał(a):
>
> Looking into this, basically you cannot use escapeHtml=false and
> escapeJavaScript=true and have <b></b> <strong></strong> <em></em> etc
> work.  There is too much of an overlap between
> what StringEscapeUtils.escapeEcmaScript(result) does trying to escape
> slashes with html slashes (ie you get <b><\/b>, an unterminated <b>
> which messes with the layout).
>
> Guess I will need remove escapeHtml=false.
>
> https://struts.apache.org/tag-developers/property-tag
>
> Maybe there should be a warning on the escapeHtml tag text not to set to
> false without setting escapeJavaScript=true, otherwise it will execute
> the "script" in the response.

Does this sound good?
https://issues.apache.org/jira/browse/WW-5639


Cheers
Łukasz

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to