Well, > Or better, escape them with their corresponding entity. > > Antonio > Myabe i'm wrong, but:
In XHTML this is wrong: <a href="javascript:window.alert("Example of a link that displays an alert box");"> because i use double quotes inside a javascript, inside a href tag delimited by double quotes. it would be ok to do: <a href="javascript:window.alert('Example of a link that displays an alert box');"> So since <s:a> can be used to generate a "good" <a> tag, I think that can be a nice idea to add some automatic checking and conversion to prevent exploiting of the generated <a>. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]