pushed to git, thanks!
2016-11-16 12:12 GMT+01:00 Greg Huber <gregh3...@gmail.com>:
> Yep it works. It matches the <property> escaping default also. I will do
> some more testing also.
>
> @override
> public String toString() {
> return StringEscapeUtils.escapeHtml4(getValue());
> }
>
> On 16 November 2016 at 10:58, Lukasz Lenart <lukaszlen...@apache.org> wrote:
>
>> 2016-11-16 11:53 GMT+01:00 Greg Huber <gregh3...@gmail.com>:
>> > Sounds like a good idea and plug the whole lot in one go.
>> >
>> > tomcat 8 is JSP 2.3 and EL 3.0.
>> >
>> >
>> > ######
>> >
>> > checking ${parameters.get('error')}
>> >
>> > uses org.apache.struts2.dispatcher.Parameter. If I debug the class it
>> is.
>> > toStringArray() does the conversion to the string, maybe escape here?
>> >
>> > strValues[i] = StringEscapeUtils.escapeHtml4(String.valueOf(v));
>>
>> I think it's because of toString() implementation but this should be
>> ok to escape in toString(), let me check that.
>>
>>
>> Regards
>> --
>> Ćukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
>> For additional commands, e-mail: dev-h...@struts.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
