RE: [displaytag-devel] Should be escaping html? Torgeir Veimo Fri, 12 Dec 2003 08:50:06 -0800 (sorry, lost quoting context..) > <display:column property="someUserEnteredData" escapeXML="true"/> > rather than > <display:column> > <c:out value="{row.someUserEnteredData}" escapeXML="true"/> > </display:column> Two comments from a user: JSTL is not allways available. The first one is the correct one in terms of usability and functionality. It's what many other taglibs who write out values do. And it's necessary to avoid cross site scripting vulnerabilities. -- Torgeir Veimo <[EMAIL PROTECTED]> ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ displaytag-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/displaytag-devel Previous message View by thread View by date Next message [displaytag-devel] Should <table> be escaping html? Paul McCulloch Re: [displaytag-devel] Should <table> be escapin... John York RE: [displaytag-devel] Should <table> be escapin... Paul McCulloch RE: [displaytag-devel] Should <table> be esc... John York RE: [displaytag-devel] Should <table> be... Matt Raible RE: [displaytag-devel] Should <table>... Torgeir Veimo RE: [displaytag-devel] Should <tab... John York RE: [displaytag-devel] Should <table> be escapin... Paul McCulloch RE: [displaytag-devel] Should <table> be esc... John York RE: [displaytag-devel] Should <table> be... Brad Smith RE: [displaytag-devel] Should <table> be... Brad Smith RE: [displaytag-devel] Should <table> be escapin... Andy Pruitt Reply via email to Search the site The Mail Archive home displaytag-devel - all messages displaytag-devel - about the list Expand Previous message Next message The Mail Archive home Add your mailing list FAQ Support Privacy 1071243965.4402.21.camel@atlantis.netenviron.com

[Torgeir Veimo]

(sorry, lost quoting context..)

> <display:column property="someUserEnteredData" escapeXML="true"/>

> rather than

> <display:column>
>       <c:out value="{row.someUserEnteredData}" escapeXML="true"/> 
> </display:column>

Two comments from a user:

JSTL is not allways available.

The first one is the correct one in terms of usability and
functionality. It's what many other taglibs who write out values do. And
it's necessary to avoid cross site scripting vulnerabilities.

-- 
Torgeir Veimo <[EMAIL PROTECTED]>



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
displaytag-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/displaytag-devel