struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Petrelli (JIRA)" <j...@apache.org>
Subject [jira] Created: (WW-2427) s:a does not encode "href" attribute value
Date Wed, 16 Jan 2008 08:48:05 GMT
s:a does not encode "href" attribute value
------------------------------------------

                 Key: WW-2427
                 URL: https://issues.apache.org/struts/browse/WW-2427
             Project: Struts 2
          Issue Type: Bug
          Components: Plugin - Tags
    Affects Versions: 2.0.11
            Reporter: Antonio Petrelli


The <s:a> does not encode with HTML entities the "href" attribute value. This can lead
to invalid HTML and, in certain cases, to 
XSS attacks.
Probably a new attribute, that specify if the encoding is enabled or not, should be added.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message