I have some code like this:
ctx.getMessages().add(new SimpleMessage(
"Record ''{0}'' deleted", recordName));
If recordName contains HTML characters they are output unescaped by the
<stripes:messages> tag. This contrasts with field validation errors,
which are correctly escaped. Shouldn't all the error handling and
messaging stuff work the same way, and escape HTML characters?
--
Alan Burlison
--
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
