Resolution: Won't Fix
Affects Version/s: 1.0.0
Fix Version/s: None
Environment: Operating System: All
There is a systemic error in the whole of struts and all the example programs,
so far as I can see - it is not filtering output through ResponseWriter.filter.
Simple example of just one of these many bugs:
alttag=A 6" plank of wood
<html:img src="plank.jpg" altKey="alttag"/>
This is at the very least a bug, and may well be a security problem (in other
contexts) due to CSS.
Hmm, it also appears to be a bug in JSP, in that:
<html:img src="plank.jpg" altKey="alttaC">
should behave identically to the above, but it doesn't, because JSP is failing
to un-html-encode the parameter before passing it to the Java code.
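
The attribute-quoting problem described in the report, as an added example that is not part of the original report and is not Struts code: a message value containing a double quote is written into a quoted alt attribute with and without HTML escaping. The class, the `filter`, `renderUnfiltered`, `renderFiltered` and `altAsWritten` helpers and the in-memory message map are hypothetical stand-ins for the tag and its resource bundle.

```java
import java.util.Map;

public class AltAttributeEscaping {
    // Constructed message bundle mirroring the entry in the report.
    static final Map<String, String> MESSAGES = Map.of("alttag", "A 6\" plank of wood");

    // Hypothetical helper: escape the characters that are significant in
    // HTML text and in quoted attribute values.
    static String filter(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour the report describes: the looked-up message goes into the
    // attribute unchanged, so a quote in the message ends the attribute early.
    static String renderUnfiltered(String src, String altKey) {
        return "<img src=\"" + src + "\" alt=\"" + MESSAGES.get(altKey) + "\">";
    }

    // Same tag with every dynamic value escaped on output.
    static String renderFiltered(String src, String altKey) {
        return "<img src=\"" + filter(src) + "\" alt=\"" + filter(MESSAGES.get(altKey)) + "\">";
    }

    // Raw text between alt=" and the next double quote, which is where an
    // HTML parser stops reading the attribute value.
    static String altAsWritten(String tag) {
        int start = tag.indexOf("alt=\"") + 5;
        return tag.substring(start, tag.indexOf('"', start));
    }

    public static void main(String[] args) {
        String raw = renderUnfiltered("plank.jpg", "alttag");
        String safe = renderFiltered("plank.jpg", "alttag");
        System.out.println(raw + "  -> alt value ends at: " + altAsWritten(raw));
        System.out.println(safe + "  -> alt value ends at: " + altAsWritten(safe));
    }
}
```

In the unfiltered tag the text after the embedded quote is parsed as further attribute markup, which is why the same missing escaping matters for security when the message text comes from an untrusted source.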