Eduard Witteveen wrote:
> On Thu, 2002-07-18 at 18:01, Pierre van Rooden wrote:
>
>> You use <mm:field name="html(foo)" /> or <mm:field name="html(gui(foo))" />
>
> The point is that you now have to use it almost everywhere.
>
> Why can't the fieldTag itself do this manipulation, since in 95% of the
> cases in which I use a fieldTag, it has to be html-escaped?
>
> Should you forget this in your page, information can be rendered
> incorrectly, or even worse, malicious users could perform cross-site
> scripting.
>

Yes, that would be a problem, but I consider changing the default behaviour of giving the data to some escaped form of the data a bad idea. Especially since html is not the only output format used by jsp pages; jsp pages are even content neutral. So I consider using an extra attribute to specify the escaping a far better idea.

-- 
Rico Jansen ([EMAIL PROTECTED])
"You call it untidy, I call it LRU ordered" -- Daniel Barlow
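
Added example, not part of the thread and not MMBase code: a field renderer in which the page author names the escaping for each output context, the design argued for in the reply above. The class, the `render` method and the mode names `html`, `js` and `none` are hypothetical; the sample value is constructed.

```java
import java.util.Map;
import java.util.function.UnaryOperator;

// Illustration only: the escape modes below are assumed names, not a real taglib API.
public class FieldEscapeDemo {

    // For HTML element content and quoted attribute values.
    static String html(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // For a quoted JavaScript string literal: everything except ASCII
    // letters, digits and space becomes a four-digit hex code-unit escape.
    static String js(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if ((c < 128 && Character.isLetterOrDigit(c)) || c == ' ') out.append(c);
            else out.append(String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    static final Map<String, UnaryOperator<String>> ESCAPERS = Map.of(
        "html", FieldEscapeDemo::html,
        "js",   FieldEscapeDemo::js,
        "none", s -> s);   // e.g. a text/plain response or mail body

    // Fail closed: an unknown or misspelled mode never falls back to raw output.
    static String render(String value, String escape) {
        UnaryOperator<String> f = ESCAPERS.get(escape);
        if (f == null) throw new IllegalArgumentException("unknown escape mode: " + escape);
        return f.apply(value);
    }

    public static void main(String[] args) {
        String title = "Tom & Jerry's <b>\"best\"</b>";   // constructed sample field value
        for (String mode : new String[] {"html", "js", "none"})
            System.out.println(mode + ": " + render(title, mode));
    }
}
```

The `html` output would show literal entities if sent as plain text, and HTML entity encoding is not the encoding a script string literal needs, which is why a single implicit default cannot be correct for every page.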
