Vic Cebedo
Reputation: 179
Usage of defaultHtmlEscape web.xml in JSTL
So I have set the following parameters in my web.xml:
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
Will this automatically escape outputs for the field by only declaring in the JSP:
<input type="text" class="form-control" id="label" name="label" value="${field.label}">
or do I need to use the <spring:? Or use the <form: tags?
Update:
This question is just a matter of yes/no. And maybe a brief answer regarding how to activate the params in the JSP-side. My question is after I set the params in web.xml. So do i need to use <spring: or <form: tags in the JSP or I can use plain <input type... tags?
Upvotes: 2
Views: 7135
Answers (1)
Fernando Lozano
Reputation: 392
The escaping applies only to the Spring MVC tags. For example:
<form:input path="field" htmlEscape="true" />
Upvotes: 4
Related Questions
- web.xml for jstl
- Spring Security without web.xml
- web.xml in struts and how it is configured with struts-config.xml
- How to set defaultHtmlEscape to true without XML in Spring MVC?
- How to implement correctly web.xml for spring-mvc and spring-security together
- Servlet JSP web.xml
- Spring defaultHtmlEscape doesn't prevent xss attack
- web.xml to WebSecurityConfigurerAdapter
- Spring MVC defaultHtmlEscape - does it work on the way in or out?
- Wicket Jsp and web.xml