[ http://jira.codehaus.org/browse/DISPL-223?page=comments#action_42728 ]
Ralf Hauser commented on DISPL-223:
-----------------------------------

a work-around is never to use the property attribute, but always a nested "struts bean:write"

> column property attribute susceptible to cross-site scripting!!
> ---------------------------------------------------------------
>
>          Key: DISPL-223
>          URL: http://jira.codehaus.org/browse/DISPL-223
>      Project: DisplayTag
>         Type: Bug
>   Components: HTML Generation
>     Versions: 1.0
>     Priority: Critical
>
> Original Estimate: 2 hours
>    Remaining: 2 hours
>
> Column tag "property" (http://displaytag.sourceforge.net/tagreference-displaytag-12.html#column) is susceptible to cross-site scripting.
> It should offer a 'filter="true"' as existing in http://struts.apache.org/userGuide/struts-bean.html#write

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

_______________________________________________
displaytag-devel mailing list
displaytag-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/displaytag-devel
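
The work-around from the comment above, shown beside the column form the issue reports, as an added example that is not part of the original message or DisplayTag's own code. The request attribute `users`, the bean property `comment` and the row variable `row` are assumed names, and the taglib URIs assume DisplayTag 1.0 with Struts 1.2.

```jsp
<%-- Added illustration; "users", "comment" and "row" are assumed names. --%>
<%-- Taglib URIs assume DisplayTag 1.0 and Struts 1.2; adjust to the deployed versions. --%>
<%@ taglib uri="http://displaytag.sf.net" prefix="display" %>
<%@ taglib uri="http://struts.apache.org/tags-bean" prefix="bean" %>

<%-- Reported form: the property attribute writes the bean value into the
     cell unescaped, so markup stored in "comment" is rendered by the browser. --%>
<display:table name="users">
  <display:column property="comment" title="Comment" />
</display:table>

<%-- Work-around: drop the property attribute and emit the cell body with
     bean:write. With filter="true" (its default) the characters that are
     significant in HTML are replaced by entities before output. --%>
<display:table name="users" id="row">
  <display:column title="Comment">
    <bean:write name="row" property="comment" filter="true" />
  </display:column>
</display:table>
```

To audit an existing code base for the reported form, search the JSPs for `display:column` tags that carry a `property` attribute and check whether the bound value can contain user-supplied text.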