The purpose for filtering these four characters is to avoid cross site scripting attacks that would otherwise be possible if an application accepted an input text field that had something like a <script> element in it, and then wrote that text to an HTML output stream with no modifications.
Are there any other characters that should be filtered for security reasons? If not, what's the use case for converting anything else to its &xxx; equivalent? Which, among other things, can cause you some grief if you're trying to do XML validation of the resulting output. Craig On Sun, 19 Dec 2004 18:51:32 -0300, Edgar Poce <[EMAIL PROTECTED]> wrote: > Hi > TagUtils.filter(String value) only filters 4 html sensitive characters > while there are many more. Is there any special reason or it's a bug? > > Regards > Edgar > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]