[Esapi-user] Avoiding double escapes
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Jul 6 14:34:17 UTC 2017
Not to be rude, but 1) this is a mailing list for the discussion of
ESAPI, not JSTL, and 2) you really have not provided enough details
for people to provide anything but speculative answers.
I would advise you to post this on Stack Overflow where you are more
likely to get a response.
And include a small code snippet and explain what you mean by
reloading the page (e.g., a browser refresh or something else?).
On Thu, Jul 6, 2017 at 4:21 AM, Uma Venkatakrishnan
<uma at akhilainfo.co.in> wrote:
> Hi All,
> I am using fn:escapeXml() from JSTL core to escape character inputs in my
> jsps. I find that if a string with a '&' is escaped with & then when
> re-loading the page, it escapes it again and makes it '&&'. How to
> stop the double encoding in jsps.
> Please share any ideas.
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
More information about the Esapi-user