You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I guess this may be secure, but imho it does not reflect the intention of this method. How about using an example that involves html attributes? Maybe something like this:
I agree. That's a Javadoc bug. I thought that quotes were mentioned as being required somewhere in the Encode Javadoc, but I could be wrong about that.
Currently the
Encode.forHtmlAttribute
JavaDocs contain this JSP example:I guess this may be secure, but imho it does not reflect the intention of this method. How about using an example that involves html attributes? Maybe something like this:
Imho the JavaDocs should also mention that the caller of this method must add quotes around the outputs of this method.
If you think any of this is helpful, I can prepare a PR.
The text was updated successfully, but these errors were encountered: