Vendor scanners routinely complain about this href call, but such pattern matching scanners lack the context of the other XSS mitigation protects put in place by GWT. It pops up at lease yearly here. Use the tool properly and you'll be fine.
https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/gwt$20security/google-web-toolkit/WKcB-pDtfgA/CX2-nuHcMr0J https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/gwt$20vulnerability/google-web-toolkit/7LrsBlQdDaw/E_PS2CdOGW8J Sincerely, Joe -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
