I have this in my web.xml
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
and this is in jsp
<spring:htmlEscape defaultHtmlEscape="true" />
However, I can put <font color="red">this is red</font>in the form and see the red text on the website.
I use EL and Taglib to access my variables in jsps. For example.<h3>${someThing.title}</h3>
Why it doesn’t work, what should I do? Wrapping each EL expression in some shell inflates the code and is very error prone ...
source
share