6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Is it possible to omit escaping some html in <c:out value="${str}">?\",\"text\":\"

I want make secure display (escaping html characters with c:out) but allow some links (<img> <a href> and youtube embedded). How can I do this? Is it possible achieve this with c:out?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"hello_world\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","java",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/java/1","children":"java"}]}],["$","span","jsp",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/jsp/1","children":"jsp"}]}],["$","span","jstl",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/jstl/1","children":"jstl"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/9ec9330a5d7d5a80190bc438f601bc88?s=256&d=identicon&r=PG","alt":"hello_world","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/565375/hello-world","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"hello_world"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",215]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Is it possible to omit escaping some html in <c:out value="${str}">?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I want make secure display (escaping html characters with c:out) but allow some links (<img> <a href> and youtube embedded). How can I do this? Is it possible achieve this with c:out?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",896]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","4614554",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/39acb52ff074bc477f0325f4b1960c90?s=256&d=identicon&r=PG","alt":"Jigar Joshi","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/260990/jigar-joshi","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Jigar Joshi"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",240870]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Use escapeXml

\n\n

<c:out value=\"${test}\" escapeXml=\"true\" />\n

\n\n

To prevent XSS attacks also look at JSoup Cleaner

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",3]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","31992426",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31992426","className":"text-blue-600 hover:underline","children":"value="${fn:escapeXml(true)}"/> Is it useful?"}]}],["$","li","34171282",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34171282","className":"text-blue-600 hover:underline","children":"How to unescape HTML tags with JSTL"}]}],["$","li","475839",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/475839","className":"text-blue-600 hover:underline","children":"How can I escape special HTML characters in JSP?"}]}],["$","li","12182121",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12182121","className":"text-blue-600 hover:underline","children":"Escaping javascript string in java"}]}],["$","li","26154614",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26154614","className":"text-blue-600 hover:underline","children":"StringEscapeUtils.escapeHtml"}]}],["$","li","24229768",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24229768","className":"text-blue-600 hover:underline","children":"Escape characters in jsp?"}]}],["$","li","20666232",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/20666232","className":"text-blue-600 hover:underline","children":"Do JSTL tags automatically escape HTML?"}]}],["$","li","12456027",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12456027","className":"text-blue-600 hover:underline","children":"How to not escape chars in JSTL using c:out"}]}],["$","li","8827896",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8827896","className":"text-blue-600 hover:underline","children":"why are the escape characters being displayed in HTML?"}]}],["$","li","2148799",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2148799","className":"text-blue-600 hover:underline","children":"Escaping html in Java"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Is it possible to omit escaping some html in &lt;c:out value=&quot;${str}&quot;&gt;?

Answers (1)

Related Questions

Is it possible to omit escaping some html in <c:out value="${str}">?