Hello all,
I'm working for a client that's using a proprietary Servlet/JSP-based framework that runs on Tomcat. They have their own custom JSP compiler and they're looking to move to a standard JSP compiler. One of the things their compiler supports is automatic escaping of XML in expressions. For example, ${foo} would be escaped so <body> -> &lt;body&gt;. JSP EL does not do this. It *doesn't* escape by default and instead requires you to wrap your expressions with <c:out/> if you want escaping.
I'd like to ask what developers think about adding a flag (similar to trimSpaces in conf/web.xml) that allows users to change the escaping behavior from false to true?
I think this is a good option to have as it allows security-conscious organizations to paranoid and escape all content by default.
Thanks,
Matt
You nbelom know this one, please visit soonclick this link now .. !!! http://www.agenherbalnasa.com/2017/04/harga-ayla-breast-care.html http://www.agenherbalnasa.com/2017/04/harga-collaskin-facial-cleanser.html http://www.agenherbalnasa.com/2016/11/harga-crystal-x-asli-nasa.html http://www.agenherbalnasa.com/2017/04/harga-glio-nasa.html http://www.agenherbalnasa.com/2017/04/pestona.html
https://github.com/royalty-dental https://people.sap.com/rolayty https://www.provenexpert.com/royalty/ https://myopportunity.com/profile/royalty-den/nw https://www.deviantart.com/royaltyden https://my.desktopnexus.com/royalty/ https://soundcloud.com/jb-fapl https://opporty.com/account/blog-contributor-profile https://www.universalhunt.com/profiles/fariba-farajnejad https://www.bizofit.com/business-directory/royalty-dental-associates/ https://www.aileensoul.com/company/royalty-dental-associates-Spring https://stocktwits.com/royaltyden https://www.wantedly.com/users/127266332 https://devnet.kentico.com/users/487673/fariba-farajnejad https://news-icta.nationbuilder.com/royalty
