I have the <ice:messages /> to show the success or error when searching for something in an icefaces project. When I add the message I add something like "something wrong happened with search input " + searchinput.
When entering something like <script>alert(document.cookie)</script> in the search input the response comes and alerts on the browser. Is there a way to prevent that.(I can't change what I return as a response due to some client requests )
I tried using escape="true" and it didn't work