DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26112>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26112 Add message parameter XML-escaping to <html:messages> Summary: Add message parameter XML-escaping to <html:messages> Product: Struts Version: Nightly Build Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Custom Tags AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] This is small enhancement to the <html:messages> tag, adding a boolean attribute which enables the XML-escaping of message parameters, while leaving the text of the message pattern itself intact. This can be useful if you have markup in your message patterns which you would like to keep, but want to filter the parameters going into them, e.g. if they reflect user input: errors.divideZero=The mathematical expression <strong>{0}</strong> caused a divide by zero. Currently, you can escape XML using <bean:write name="error" filter="true"/>, but this would filter the helpful <strong> tag also. The proposed new feature would allow for sensible use of html tags in message properties, while still protecting against abnormal user input. I've implemented this feature in patch against nightly build 'jakarta-struts-20040113' and will attach the patch shortly. best regards, Roberto --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]