On Sun, 19 Dec 2004 19:24:23 -0300, Edgar Poce <[EMAIL PROTECTED]> wrote: > > Are there any other characters that should be filtered for security > > reasons? > > I think there are not. I thought it was a html escape tool and I > expected it replaced 'à' with "à" for example. But I see it's not > the purpose. > > Has it any sense to add an "escape" attribute with values "html", > "javascript", ...?
I guess I am still missing the use case for doing this sort of thing ... what's the reasoning? If you're talking about webapps, by the way, another option is to use a Servlet Filter that intercepts the output and performs this sort of transformation. That solution would work on *any* way to generate the markup -- without requiring that the application source be modified. > > Thanks for your quick response > Edgar Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]