Skip to main content

Home/ InfokeyDEV/ Group items tagged jstl tip

Rss Feed Group items tagged

Benx Shen

Raible Designs | Proposed Tomcat Enhancement: Add flag to escape JSP's EL by default - 0 views

  • Hello all, I'm working for a client that's using a proprietary Servlet/JSP-based framework that runs on Tomcat. They have their own custom JSP compiler and they're looking to move to a standard JSP compiler. One of the things their compiler supports is automatic escaping of XML in expressions. For example, ${foo} would be escaped so <body> -> <body>. JSP EL does not do this. It *doesn't* escape by default and instead requires you to wrap your expressions with <c:out/> if you want escaping. I'd like to ask what developers think about adding a flag (similar to trimSpaces in conf/web.xml) that allows users to change the escaping behavior from false to true? I think this is a good option to have as it allows security-conscious organizations to paranoid and escape all content by default. Thanks, Matt
    使用 <c:out> 標籤來取代 ${foo} 這種 EL 的寫法,可以自動將內容中的 < > 轉換成 &lt; &gt;

1 - 1 of 1
Showing 20 items per page