-
Type:
New Feature
-
Resolution: Done
-
Priority:
Normal
-
Affects Version/s: None
-
Component/s: None
-
Security Level: Jimmy
-
None
-
ZK 8.6.0 S2, ZK 8.6.1 S1
-
None
According to https://www.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting#Using_some_of_the_.27Clients.27_utility_methods, this method doesn't encode the string argument on purpose. Just add a warning in JavaDoc to remind the people who call it.