I've spent some time going through the current webwork2 UI implementation trying to find out if escaping of special characters ('<,>,",',&) is done. In webwork 1.3, at least the jsp UI templates will perform escaping since they use the property tag which escapes the values as long as you don't tell it not to. Since I'm not familiar with velocity it is harder for me to verify that the escaping is done by the velocity templates as well. If escaping is in fact done in webwork2, please explain how.
--
Regards,
Fredrik Lindgren
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
