On Wednesday 28 March 2007 18:17, Christopher Schultz wrote: > > Do they go through request.encodeURL automatically or do I have to do > > something?
If you use JSTL Core library c:url, then they do. If you are using "<a href=''>", then they do not and you have to use <a href="<%= response.encodeURL(theURL) %>">link</a>. It's safer and cleaner to use c:url. I prefer the XML syntax, <jsp:element name="a"> <jsp:attribute name="title">Log out</jsp:attribute> <jsp:attribute name="href"><c:url value="logoff.jsp"/></jsp:attribute> <jsp:body>Log Out</jsp:body> </jsp:element> but you can do <a href="<c:out value="logoff.jsp"/>">Log Out</a> -- Nicholas Sushkin, Senior Software Engineer http://www.openfinance.com http://www.wealthinformationexchange.com
smime.p7s
Description: S/MIME cryptographic signature
