2007/7/16, Aram Mkhitaryan <[EMAIL PROTECTED]>:
Everywhere in s2 tags, the user-submitted values should not be evaluated till it is not requested with a method call like "eval(ognlString)"; otherwise it should not work.
I disagree. Whatever the user types in the fields, it MUST NOT be evaluated, otherwise we will always have a security issue. The only thing that could be done is type conversion (e.g. String->int).

Antonio