wavetree
Reputation: 1557
JSTL escapeXml default
I know to avoid escaping HTML characters in JSTL to use this:
<c:out value="${my.value}" escapeXml="false" />
I am wondering if there exists a page directive to make escapeXml false by default, so I need not specify it on that particular page.
Upvotes: 9
Views: 21518
Answers (1)
JB Nizet
Reputation: 691645
The above does not escape HTML, since escapeXml is set to false. By default, escapeXml is true, and the <c:out> tag thus escapes the HTML. If you don't want to escape, you could simply use
${my.value}
and avoid using <c:out> completely, since the only purpose of <c:out> is to escape HTML.
Upvotes: 16
Related Questions
- value="${fn:escapeXml(true)}"/> Is it useful?
- How to unescape HTML tags with JSTL
- "${fn:escapeXml(parameter)!=null}" is always true
- escaping xml chars in jsp exception
- How to prevent JavaScript injection (XSS) when JSTL escapeXml is false
- Display attribute context with escaping xml characters using jstl
- How to tell Java which StringEscapeUtils.escapeXML() to use?
- why are the escape characters being displayed in HTML?
- Escape JSP EL using JSTL tags (dot character)
- How to Escape Character in EL with JSTL tag?