      Description

      GRAILS-1827 was an excellent idea to introduce protection against cross-site scripting. I believe that HTML should be the default codec for new projects as this will get people used to the security features from their first use of Grails. Then we have security by default, which people can override if they know what they're doing.

      The auto-generated list.gsp files currently include the following call to encodeAsHTML:

      ${somedata.encodeAsHTML()}

      Whether you change the default codec or not, I think this call should be removed from the list.gsp pages as it is not present in any of the other pages.

        Activity

        Bobby Warner added a comment - https://github.com/grails/grails-core/pull/209

          People

          • Assignee: Lari Hotari
          • Reporter: Nathan Clement
          • Votes: 1
          • Watchers: 2
