http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14730

<bean:write/> does not filter UK pound signs correctly





------- Additional Comments From [EMAIL PROTECTED]  2002-11-26 17:05 -------
A little extra historical perspective would be useful to future folks who search
for this bug report.

The *only* reason that Struts filters any characters at all is to minimize the
potential for a security problem that is very common in webapps.  Consider a
guestbook application, where you allow people to type in comments, which the app
then redisplays in the list of all comments.  Unless the output is filtered, it
is easy for a malicious user to inject JavaScript code that would get executed
by the browser of anyone viewing the page.

Thus, the filtering is there for security purposes, not for formatting purposes.
Any formatting that is required should be done by the application, because it
is nearly always an application-specific issue.

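Added example, not part of the original bug comment and not Struts' own code: a sketch of the split the comment describes, with a security filter that escapes only HTML-significant characters (so a pound sign passes through untouched) and a separate, application-chosen formatting step. The class and method names (GuestbookEscape, filter, toNumericReferences) and the sample comment are hypothetical and constructed for illustration.

```java
// Added illustration; class and method names are hypothetical, not Struts APIs.
public class GuestbookEscape {

    /** Security filter: neutralise only the characters that are markup-significant in HTML. */
    static String filter(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);        // the pound sign and other plain text pass through unchanged
            }
        }
        return out.toString();
    }

    /** Application-level formatting (optional): emit non-ASCII as numeric character references. */
    static String toNumericReferences(String filtered) {
        StringBuilder out = new StringBuilder(filtered.length());
        filtered.codePoints().forEach(cp -> {
            if (cp > 0x7E) out.append("&#").append(cp).append(';');
            else out.appendCodePoint(cp);
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed guestbook comment: a price plus an injected script element.
        String comment = "Tickets cost \u00A350 <script>alert(1)</script>";
        String safe = filter(comment);           // script element is rendered as inert text
        System.out.println(safe);
        System.out.println(toNumericReferences(safe)); // formatting decision made by the application
    }
}
```

The second step runs on already-filtered text, so the entities produced by the filter are ASCII and are left as they are.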