s:a does not encode "href" attribute value
------------------------------------------
Key: WW-2427
URL: https://issues.apache.org/struts/browse/WW-2427
Project: Struts 2
Issue Type: Bug
Components: Plugin - Tags
Affects Versions: 2.0.11
Reporter: Antonio Petrelli
The <s:a> does not encode with HTML entities the "href" attribute value. This
can lead to invalid HTML and, in certain cases, to
XSS attacks.
Probably a new attribute, that specify if the encoding is enabled or not,
should be added.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
