1 Reply Latest reply on Sep 5, 2012 6:38 PM by Sham HC

    xssAPI encodeForHTMLAttr what's the alternative?




      Reading the xssAPI doc, on the method of encodeForHTMLAttr(), it says: 'DO NOT USE FOR ACTIONABLE ATTRIBUTES (href, src, event handlers); YOU MUST USE A VALIDATOR FOR THOSE!'


      Just wondering what to use to validate?  is getValidHref() the right one to use?