2008/1/15, Jeromy Evans <[EMAIL PROTECTED]>:
>
> Hi Antonio, as I mentioned in a previous post, it's not so simple as the
> href attribute of s:a can legally contain javascript or vbscript.
> This is precisely why the href attribute is not escaped/encoded in the
> template. It's deliberate.
Sorry but I cannot understand: the HTML code, to be valid, needs that every
attribute values that contain special characters ('<' '>' '&') need to be
encoded with the corresponding HTML entity ('<', '>', '&'). I
don't see anything wrong in it.
Antonio
