NVelocity and XSS

NVelocity is a view engine for MonoRail. It’s quite handy and it’s not difficult to deliver such views.

One of the flows I can name can be the security issues. By default there’s not much support for security. For instance it’s possible to perform XSS (Cross-site scripting) attacks by providing XHTML or JavaScript code.

I spent some time googleing for …