Yep it works. It matches the <property> escaping default also. I will do
some more testing also.
@override
public String toString() {
return StringEscapeUtils.escapeHtml4(getValue());
}
On 16 November 2016 at 10:58, Lukasz Lenart <lukaszlen...@apache.org> wrote:
> 2016-11-16 11:53 GMT+01:00 Greg Huber <gregh3...@gmail.com>:
> > Sounds like a good idea and plug the whole lot in one go.
> >
> > tomcat 8 is JSP 2.3 and EL 3.0.
> >
> >
> > ######
> >
> > checking ${parameters.get('error')}
> >
> > uses org.apache.struts2.dispatcher.Parameter. If I debug the class it
> is.
> > toStringArray() does the conversion to the string, maybe escape here?
> >
> > strValues[i] = StringEscapeUtils.escapeHtml4(String.valueOf(v));
>
> I think it's because of toString() implementation but this should be
> ok to escape in toString(), let me check that.
>
>
> Regards
> --
> Ćukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>
