On Thu, 17 Mar 2005 18:03:16 -0700, Hyrum <[EMAIL PROTECTED]> wrote:
>
> ${bean.isIdiot ? "Yes, I'm an Idiot" : "No, I'm not an Idiot"}
>
This doesn't suffer from the dangerious content problem, because you
don't actually *emit* the contents of the isIdiot property -- you only
use it on the server side to calculate what should actually be
emitted.
If you did something like this:
<p>Did I fail the test? ${bean.isIdiot}</p>
You would be at risk of the isIdiot property was a string (unless you
were 100% confident that the contents of the string had no dangerous
content).
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
