Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Normal
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 8.6.1
-
Component/s: None
-
Security Level: Jimmy
-
Labels:None
-
gh.sprint.customfield.default.name:ZK 8.6.0 S2, ZK 8.6.1 S1
Description
According to https://www.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting#Using_some_of_the_.27Clients.27_utility_methods, this method doesn't encode the string argument on purpose. Just add a warning in JavaDoc to remind the people who call it.