On 02/05/2012 07:07 PM, Marvin S. Addison wrote:
>> But if url feature is a requirement, then, in order to re-enable it,
>> is XML escaping enough? I thought that this was not the case and
>> that's why I asked about the extra check (url starts with http:// or
>> https://). Am I wrong?
>
> Not necessarily, I just don't see what benefit scheme checking provides.
>
> M

This check (I think that) protects you from 'javascript:' URL...
Pavlos
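
The point under discussion, as an added example that is not part of the original thread or of any project's code: XML escaping leaves a 'javascript:' URL unchanged, while a scheme allowlist rejects it. The helper names and sample URLs are hypothetical and constructed for illustration; parsing uses the standard WHATWG URL class.

```javascript
// Added illustration; helper names are hypothetical, sample inputs are constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape the five XML-significant characters for use in an attribute value.
function xmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Parse with the WHATWG URL parser, which normalizes the scheme the way a
// browser does: lowercases it, strips leading whitespace and control
// characters, and removes embedded tabs and newlines.
// Returns the parsed URL for http/https, otherwise null.
function parseAllowedUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw)); // throws on relative or malformed input
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed : null;
}

// Value that is safe to place in href="...": the normalized absolute URL,
// XML-escaped, or null when the scheme is not on the allowlist.
function safeHref(raw) {
  const parsed = parseAllowedUrl(raw);
  return parsed === null ? null : xmlEscape(parsed.href);
}

// Constructed sample inputs.
const samples = [
  "https://example.org/login?a=1&b=2",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  " \tjavascript:void(0)",
  "java\tscript:void(0)",
  "data:text/html,x",
  "/relative/path",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "escaped only:", xmlEscape(s), "| checked:", safeHref(s));
}
```

Escaping and scheme checking address different things: escaping stops the value from breaking out of the attribute, and the allowlist decides whether the value is a link target the page should emit at all.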