The c: out tag is used to display a value. It takes 3 parameters :
The defaultattribute holds the value to display if the value attribute holds a null value. Instead of using the default attribute, you may specify default value in the tag body (body-content : JSP).
escapeXml attribute (which defaults to true) tells that if the value contains some XML special characters (< > & ' "), they are translated to entity code (ex: < translates to & lt; ). The result is that the special characters are displayed in the resulting page, instead of being interpreted as XML components. It also avoids malicious attacks where users would include tags in a text area that is interpreted when you want to display it, resulting in unwanted code executed on the server.
Finally, the value attribute holds the value to display.
All of these attributes can take dynamic values (rtexprvalue = true)
Finally, value and default (or body content instead of default)deal with Objects, not only Strings. So :
If the evaluated value does not resolve to a java.io.Reader object, then it's coerced into a String and written in the JspWriter object.