Good point! Strict data validation would be essential here, so ideally I should follow a whitelist validation approach where I define the specific HTML markup tags that are allowed and the EL expressions that are allowed. If the input doesn't match this, then reject it.
View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126926#4126926
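A sketch of the allowlist check described in the post above, as an added example that is not part of the original post or any JBoss code. The class name, both allowlists, the size limit and the sample inputs are assumptions constructed for illustration.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MarkupAllowlist {
    // Assumed allowlists, constructed for this example.
    static final Set<String> TAGS = Set.of("b", "i", "em", "strong", "p", "br", "ul", "ol", "li");
    static final Set<String> EL = Set.of("user.displayName", "order.id", "order.total");

    // Group 1: name of an attribute-free tag. Group 2: body of #{...} or ${...}.
    static final Pattern TOKEN = Pattern.compile(
        "</?([A-Za-z][A-Za-z0-9]*)\\s*/?>|[#$]\\{([^{}]*)\\}");

    static boolean isAllowed(String input) {
        if (input == null || input.length() > 4096) return false; // assumed size limit
        StringBuilder text = new StringBuilder();
        Matcher m = TOKEN.matcher(input);
        int pos = 0;
        while (m.find()) {
            if (m.group(1) != null) {
                // Well-formed tag: its name must be on the tag allowlist.
                if (!TAGS.contains(m.group(1).toLowerCase(Locale.ROOT))) return false;
            } else if (!EL.contains(m.group(2))) {
                return false; // EL must match an allowed expression exactly
            }
            text.append(input, pos, m.start()); // keep only the text between tokens
            pos = m.end();
        }
        text.append(input, pos, input.length());
        // Leftover markup or EL delimiters mean a tag had attributes or a token
        // was malformed or nested; literal '<' must arrive escaped as &lt;.
        String rest = text.toString();
        return !(rest.contains("<") || rest.contains(">")
              || rest.contains("#{") || rest.contains("${"));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "<p>Hello <b>#{user.displayName}</b>, order #{order.id}</p>", // accepted
            "<b onclick=\"x\">hi</b>",       // rejected: attribute on an allowed tag
            "<script>x</script>",            // rejected: tag not on the allowlist
            "Total: #{order.total.class}",   // rejected: EL not an exact match
            "Total: #{order.total"           // rejected: unterminated EL
        };
        for (String s : samples)
            System.out.println((isAllowed(s) ? "ACCEPT " : "REJECT ") + s);
    }
}
```

The check only accepts or rejects; it never tries to repair input, which matches the "reject it" rule in the post.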
