I'm working on preventing cross-site scripting (XSS) in a Java, Spring-based, Web application. I have already implemented a servlet filter similar to this example http://gr
I agree you shouldn't have to use c:out around every variable.
I wrote a blog describing why at http://tech.finn.no/2011/04/08/xss-protection-whos-responsibility/