Sorry guys for spamming, but it is not clear what the patch exactly resolves.
disallow entering possible malicious code, i.e. expression like %{xxx} is illegal: instead it should be evaluated as the string "%{xxx}".
what means the first is illegal, but should be evaluated as the string could you please bring an example with <s:property tag? Best, Aram P.S. do you have a guide about "how to apply patches"? ________________________________ Aram Mkhitaryan 52, 25 Lvovyan, Yerevan 375000, Armenia Mobile: +374 91 518456 E-mail: [EMAIL PROTECTED]