Hm, it looks like you're on to something. This should probably be
filed as an issue in Bugzilla for better tracking.
http://issues.apache.org/bugzilla/
Any changes which would break existing installations should probably
go through a cycle of warning and deprecation. I suppose given
potentia
I've identified a potential security problem in how struts handles the
interaction between form validation and cancel buttons.
The html:cancel tag works by creating an html submit button that has
a magic name (org.apache.struts.taglib.html.CANCEL). When this parameter
is set the s
