posted 9 years ago
Just wondering, if this is expected to be a number, why the escapeXml Attribute is specified as false?
I would think yo uwould only want to set escapeXml to false in the specific cases where you are expecting to write HTML onto the page.
Otherwise you have a potential security hole.