Re: Referencing request parameters in struts tags.

Lukasz Lenart Wed, 02 Nov 2016 01:20:07 -0700

2016-11-02 9:12 GMT+01:00 Greg Huber <gregh3...@gmail.com>:
> Looking at this:
>
> <s:if test="#parameters.contains('error')">
>   <ul><li>
>     <s:text name="#parameters.get('error').value"/>
>   </li></ul>
> </s:if>
>
> and if I use :
>
> login.action?error=<script type="text/javascript">alert("ok1");</script>
>
> I get a js alert box popup.
>
> Should it be able to popup the alert box?  Thought this kind of script
> should be escaped.


Yeah, that's why calling directly .value in your scriplet isn't a good
practise and I want to add a dedicated converter/accessor for
HttpParameters to avoid such situation.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: Referencing request parameters in struts tags.

Reply via email to