Originally posted by Marcellus Tryk:
Thanks Bear,
I'm using an HTML encoding method, but that prevents me from using jsp:getProperty. This seems like it should be a pretty common problem. How can one be confident that a property returned by getProperty is HTML-safe?
Mars
You can't, but JSTL's <c:out> tag, which effectively replaces <jsp:getProperty>, will automatically encode characters by default, thus making them "HTML-safe." (You can turn off this behavior by using the "escapeXml" attribute.)
See http://java.sun.com/products/jstl for more info on JSTL, a new JCP standard.
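
The difference between the two tags discussed above, as an added example that is not part of the original thread. `example.CommentBean` and its `text` property are hypothetical, the sample value is constructed, and the taglib URI shown is the JSTL 1.1+ one.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%-- JSTL 1.1+ core taglib URI; JSTL 1.0 uses http://java.sun.com/jstl/core --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Assumption: example.CommentBean is a hypothetical bean with a String "text" property. --%>
<jsp:useBean id="comment" class="example.CommentBean" scope="request" />

<%-- Constructed sample value standing in for user-supplied input. --%>
<% comment.setText("<i>Tom & Jerry's</i>"); %>

<%-- Unencoded: the property value is written to the response as-is,
     so any markup it contains is interpreted by the browser. --%>
<p><jsp:getProperty name="comment" property="text" /></p>

<%-- Encoded: escapeXml defaults to true, so the characters < > & ' "
     are written as character entities and shown as literal text. --%>
<p><c:out value="${comment.text}" /></p>

<%-- Still encoded, with a fallback string when the property is null. --%>
<p><c:out value="${comment.text}" default="(no comment)" /></p>

<%-- Encoding switched off: behaves like jsp:getProperty above.
     Use only for values already known to be safe markup. --%>
<p><c:out value="${comment.text}" escapeXml="false" /></p>
```

The escaping `<c:out>` applies is meant for HTML/XML text and quoted attribute values; it is not an encoder for values placed inside script blocks or URLs.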