I know that, by default, the value of the escapeXml attribute of the JSTL <c:out> tag is true. This default behavior ensures that HTML special characters, such as <, >, &, ', or ", contained in output strings are converted into their corresponding character entity codes and displayed properly in the HTML page produced by the JSP page.
But I am not aware of the security implications of setting this attribute to false.
Could you please help me understand the security implications?
Thanks for your time and effort!
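Added example, not part of the original post: a small Java program that mirrors the five-character conversion described above and renders the same constructed values with and without it, so the difference in the generated HTML is visible. The class name, the `render` helper and the sample values are hypothetical; `render` only stands in for a JSP template using `<c:out>`.

```java
// Added illustration: mirrors the five-character escaping that <c:out> applies
// when escapeXml is true. Class and method names are hypothetical.
public class EscapeXmlDemo {

    // Same replacement the default escapeXml="true" performs on output strings
    // (entity spellings follow the Apache Standard Taglib).
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for <c:out value="..." escapeXml="..."/> placed in element text
    // and in an attribute value of an HTML template.
    static String render(String value, boolean escape) {
        String v = escape ? escapeXml(value) : value;
        return "<p>Hello, " + v + "</p>\n<input name=\"q\" value=\"" + v + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for request parameters.
        String[] samples = {
            "Tom & Jerry",
            "<script>alert(1)</script>",
            "\" title=\"injected"
        };
        for (String s : samples) {
            System.out.println("input           : " + s);
            System.out.println("escapeXml=true  :\n" + render(s, true));
            System.out.println("escapeXml=false :\n" + render(s, false));
            System.out.println();
        }
    }
}
```

With escaping on, all three values reach the browser as inert text. With it off, the second value arrives as a real script element and the third closes the `value` attribute and adds one of its own, which is how unescaped user-controlled output becomes cross-site scripting (XSS).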