Mixing scriptlets with JSTL and EL is a big mess. I suggest against it.
That said, what's up with
<c:out value="${request.getAttribute('from')}"/>?
Any reason it's not just
<c:out value="${from}"/>?
Or, if the
string is trusted, just
${from}?
Why are you still using scriptlets in a page that's enabled for JSTL and EL?