simple error due to use of double quotes in a jsp file

清酒与你 2020-12-14 00:36

I have the following line of code in a JSP File in my web app that is giving an error:



        
7 answers
  •  情书的邮戳
    2020-12-14 01:02

    The example looks like an XSS example! This is a security vulnerability. I suggest putting in place an HTML encoding library like the c:out tag or http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Encoder.html#encodeForHTMLAttribute%28java.lang.String%29

    I also suggest taking the userName from an authenticated session and not from the request param if possible (unless this is a login/registration form only!)
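
The encoding advice in the answer above, as an added example that is not part of the original question or answer. The question's own line did not survive on this page, so the unsafe line below is constructed; the `userName` request parameter, a session attribute of the same name and JSTL 1.2 on the classpath are assumptions.

```jsp
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- UNSAFE (constructed, shown for contrast): the raw request parameter is
     written into the attribute, so a value containing a double quote ends the
     attribute and the rest is parsed by the browser as markup. --%>
<input type="text" name="userName"
       value="<%= request.getParameter("userName") %>">

<%-- SAFER: fn:escapeXml encodes & < > " ' before the value reaches the page.
     Using EL also means no double quotes are nested inside the attribute. --%>
<input type="text" name="userName"
       value="${fn:escapeXml(param.userName)}">

<%-- Same encoding via c:out (escapeXml defaults to true), here in element
     content. A missing parameter renders the default instead of "null". --%>
<p>Hello, <c:out value="${param.userName}" default="guest"/></p>

<%-- Where the user is logged in: read the name the server stored at login
     (assumed session attribute "userName") instead of trusting the request. --%>
<c:if test="${not empty sessionScope.userName}">
  <p>Signed in as <c:out value="${sessionScope.userName}"/></p>
</c:if>
```

XML-style escaping covers quoted HTML attributes and element content only; a value placed inside a script block or a URL needs the encoder for that context.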
