2008/1/15, GF <[EMAIL PROTECTED]>: > > On Jan 15, 2008 2:45 PM, Martin Gainty <[EMAIL PROTECTED]> wrote: > > > > Hi Ganfab > > Are you suggesting the href contents disable javascript to disable XSS > script attacks?Martin > > No, I think that maybe can be useful to think if doing some checks to > href attribute of <s:a> is possible to look for double quotes > characters that can eventually close the attribute and tag.
Or better, escape them with their corresponding entity. Antonio
