Well,

> Or better, escape them with their corresponding entity.
>
> Antonio
>
Maybe I'm wrong, but:

In XHTML this is wrong:

<a href="javascript:window.alert("Example of a link that displays an alert box");">

because I use double quotes inside a JavaScript, inside an href attribute
delimited by double quotes.

It would be OK to do:

<a href="javascript:window.alert('Example of a link that displays an alert box');">

So since <s:a> can be used to generate a "good" <a> tag, I think that
it can be a nice idea to add some automatic checking and conversion to
prevent exploitation of the generated <a>.
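
The entity escaping discussed in this message, as an added example that is not part of the original post and is not Struts code: a Python sketch that writes an href with and without escaping and checks what an XML parser sees. The function names and the second sample value are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# The script from the message, with double quotes inside it.
SCRIPT = 'javascript:window.alert("Example of a link that displays an alert box");'
# Constructed value whose quote would end the attribute early.
BREAKOUT = 'page.html" title="injected'


def naive_anchor(href, text):
    """Interpolate the value unchanged, as in the broken markup above."""
    return '<a href="%s">%s</a>' % (href, text)


def escaped_anchor(href, text):
    """Replace &, <, > and the double quote with entities before output."""
    value = escape(href, {'"': '&quot;'})
    return '<a href="%s">%s</a>' % (value, escape(text))


def parsed_attrs(markup):
    """Return the attributes an XML parser sees, or None if not well-formed."""
    try:
        return dict(ET.fromstring(markup).attrib)
    except ET.ParseError:
        return None


if __name__ == '__main__':
    for value in (SCRIPT, BREAKOUT):
        for build in (naive_anchor, escaped_anchor):
            markup = build(value, 'link')
            print(build.__name__, '->', markup)
            print('   parser sees:', parsed_attrs(markup))
```

With escaping, the parser hands back the original string as the single href value; without it, the first sample is rejected as malformed and the second silently gains an extra attribute.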
