This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
I've written my own ELResolver to escape any HTML in the output and prevent XSS.
It works fine, but double escapes output in <c:out> tags.
The workaround is to add disable XML escaping in the c:out tag, but I would like to automatically stop escaping when the ELResolver is evaluating an expression inside a c:out's value attribute.
Is there a way of working out which tag I'm current inside?
I've looked at the JSP page context, but can't find anything suitable.