[Asking smart questions] [About Bear] [Books by Bear]
Stefan Evans wrote: - As Bear suggested, use ${param.foo} rather than ${param["foo"]} to remove one set of quotes. i.e. <c:if test="${fn:escapeXml(param.foo) eq param.foo}">no XSS attack within foo</c:if>