Hi all,

I just realized that the fmt:message tag, unlike c:out, is
not escaping its output.

How would you escape the content you internationalize?

Wrapping every single fmt:message with some other tag that
does the escaping (and I did not find such a tag) is not a
viable solution in my opinion.

There are other issues, like the type of escaping. Even
c:out is very limited: it does only generic HTML escaping,
and that is not enough. You would need at least JavaScript
string literal escaping and maybe HTML attribute value
escaping as well.

Thanks,
Marius
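
The point about escaping type, as an added example that is not part of the original message: one translated string needs a different escaper for HTML text, for a quoted attribute value, and for a JavaScript string literal. The class name, method names and sample message are hypothetical and constructed for illustration.

```java
public class MessageEscaping {

    // Constructed sample: a translated message with markup-significant characters.
    static final String SAMPLE = "L'heure <b>\"exacte\"</b> & plus </script>";

    // HTML text and quoted attribute values: the five characters c:out escapes.
    // Assumption: attribute values are always written inside quotes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // JavaScript string literal: keep ASCII letters, digits and spaces, and write
    // every other UTF-16 unit as a four-digit hex escape. Quotes, backslashes,
    // line breaks and the "</script>" sequence can then never end the literal
    // or the enclosing script element.
    static String escapeJsString(String s) {
        StringBuilder out = new StringBuilder(s.length() * 2);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == ' ';
            if (plain) {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println("raw:  " + SAMPLE);
        System.out.println("html: " + escapeHtml(SAMPLE));
        System.out.println("js:   " + escapeJsString(SAMPLE));
    }
}
```

In a JSP, methods like these could be exposed as EL functions and applied to a message stored in a variable through the `var` attribute of fmt:message.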


