How to escape double quotes in JSTL function / EL?

隐瞒了意图╮ 2020-12-29 06:18

I need to change \" to \\\" with JSTL replace function to use the string in input tag like:



        
3 Answers
  •  没有蜡笔的小新
    2020-12-29 06:35

    It doesn't work because the \ is an escape character in a Java string. To represent it literally, you need to escape it with another \ again. Also, the " is a special character in EL, so you also need to escape it to represent it literally. So, the proper syntax would have been:

    
    

    But, you should actually be using fn:escapeXml() to prevent XSS. It not only escapes quotes, but also other characters.

    
    

    See also:

    • XSS prevention in JSP/Servlet web application
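
The difference between the two approaches in the answer above, as an added example that is not part of the original post: it compares a backslash-before-quote replacement with the entity encoding that `fn:escapeXml()` applies, and models where an HTML parser ends a double-quoted attribute value. The class name, the helper names and the sample value are assumptions made for illustration; `escapeXml` here is a re-implementation of the five JSTL replacements, not the library's own code.

```java
public class AttributeEscapeDemo {

    // The five replacements that JSTL's fn:escapeXml() performs.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The result the question asks for: a backslash in front of every quote.
    static String backslashQuotes(String s) {
        return s.replace("\"", "\\\"");
    }

    // Simplified model of an HTML parser reading value="...": the value ends
    // at the first raw '"' (a backslash has no meaning in HTML), and the
    // character references emitted by escapeXml are decoded afterwards.
    static String attributeValueSeenByBrowser(String rendered) {
        int end = rendered.indexOf('"');
        String raw = end < 0 ? rendered : rendered.substring(0, end);
        return raw.replace("&#034;", "\"").replace("&#039;", "'")
                  .replace("&lt;", "<").replace("&gt;", ">")
                  .replace("&amp;", "&");   // &amp; last, to avoid double decoding
    }

    public static void main(String[] args) {
        String text = "size 5\" & <b>bold</b>";   // constructed sample value
        String viaReplace = backslashQuotes(text);
        String viaEscape  = escapeXml(text);
        System.out.println("replace   -> " + viaReplace);
        System.out.println("  browser : " + attributeValueSeenByBrowser(viaReplace));
        System.out.println("escapeXml -> " + viaEscape);
        System.out.println("  browser : " + attributeValueSeenByBrowser(viaEscape));
    }
}
```

With the backslash form the attribute value is cut off at the first quote and the rest of the string is parsed as markup; with the entity-encoded form the browser recovers the original value intact.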
