> Are you suggesting that javascript injection in href be disabled to prevent > XSS attacks?
I'm suggesting that is better that the variable inside <s:a
href="%{myVar}> should NOT close the generated <a> because this
would make the browser to execute the eventual javascript
automatically on the page load...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
