struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Siman <aleksandr.si...@gmail.com>
Subject Re: Struts 2.1.8: Do we need to escape messages?
Date Sat, 17 Oct 2009 10:51:31 GMT

These tags are:

        <s:actionmessage/>
        <s:actionerror/> 

I have written about it in this thread already. Please, read this message:
http://www.nabble.com/Re%3A-Struts-2.1.8%3A-Do-we-need-to-escape-messages--p25927098.html

dcabasson wrote:
> 
> What code are you using to output this message? Is it a s:text? a 
> s:property?
> 
> Denis.
> 
> Alex Siman a écrit :
>> I just have found that Struts 2.1.8 escapes messages, so instead of
>> message
>> (in browser) like:
>> User with email user@example.com registered successfully.
>>
>> now I get this one:
>> User with email &lt;strong&gt;user@example.com&lt;/strong&gt; registered
>> successfully.
>>
>> In first example I used to escape only the inserted parameter "email".
>> I am not against automatic escaping of messages. It's good for security.
>> But
>> I am wonder, how to use expected HTML markup into messages? Maybe you
>> have
>> any another design solution?
>>
>> P.S. The downside of upgrades.
>>   
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Struts-2.1.8%3A-Do-we-need-to-escape-messages--tp25922882p25937213.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message