fmt:message and escaping

[Marius Scurtescu <ma...@lightspeed.ca>]

Hi all,

I just realized that the fmt:message tag, unlike c:out, is
not escaping its output.

How would you escape the content you internationalize?

Wrapping every single fmt:message with some other tag that
does the escaping (and I did not find such tag) is not a
viable solution in my opinion.

There are other issues, like the type of escaping. Even
c:out is very limited, it does only generic HTML escaping
and that is not enough, you would need at least JavaScript
string literal escaping and may be HTML attribute value
escaping as well.

Thanks,
Marius



---------------------------------------------------------------------
To unsubscribe, e-mail: taglibs-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: taglibs-user-help@jakarta.apache.org