Hi,
I guess you can validate whatever you want by providing your own
ActionBeanPropertyBinder :
net.sourceforge.stripes.controller.ActionBeanPropertyBinder
I think it can be done very easily by overriding a single method in there,
maybe :
It's true that c:out or ${fn:escapeXml(whatever)} offers protection
against XSS attacks involving injected HTML/XML markup, but that's not
really enough on the client side. If user-tainted content is emitted
into a JavaScript context, then it has to be protected differently
(most effectively, with