Hello all,
I'm working for a client that's using a proprietary Servlet/JSP-based framework that runs on Tomcat. They have their own custom JSP compiler and they're looking to move to a standard JSP compiler. One of the things their compiler supports is automatic escaping of XML in expressions. For example, ${foo} would be escaped so <body> -> &lt;body&gt;. JSP EL does not do this. It *doesn't* escape by default and instead requires you to wrap your expressions with <c:out/> if you want escaping.
I'd like to ask what developers think about adding a flag (similar to trimSpaces in conf/web.xml) that allows users to change the escaping behavior from false to true?
I think this is a good option to have as it allows security-conscious organizations to be paranoid and escape all content by default.
Thanks,
Matt