> From: Jon Stevens [mailto:[EMAIL PROTECTED]] > >Does anyone have code they want to contribute to get this started? How are >you currently dealing with these issues? What is your favorite way to escape >things? Do you filter/escape all content or only some content? Etc.
In the world of XSL, I think these issues are already taken care of. At least in a "domified" approach, the data only ever gets translated into XML as a final step, and the XSL processor automatically escapes anything that will have XML or HTML meaning. In the world of JSP, I would expect that bean-access custom tags would do this escaping. Do the Struts taglibs or any of the jakarta taglibs take care of this? In the world of Velocity... is there a switch that can be set on Velocity to automatically escape anything with XML/HTML meaning? Should there be? Of course, all these effectively disable _all_ htmlish tags, which might not be wholly desirable... still, it seems to me that that the best approach is to escape everything and then selectively translate *back* only the tags you want working (like <b>). Jeff Schnitzer [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
