[Esapi-user] Avoiding double escapes

Kevin W. Wall kevin.w.wall at gmail.com
Thu Jul 6 14:34:17 UTC 2017


Uma,


Not to be rude, but 1) this is a mailing list for the discussion of
ESAPI, not JSTL, and 2) you really have not provided enough details
for people to provide anything but speculative answers.

I would advise you to post this on Stack Overflow where you are more
likely to get a response.
And include a small code snippet and explain what you mean by
reloading the page (e.g., a browser refresh or something else?).

Best regards,
-kevin

On Thu, Jul 6, 2017 at 4:21 AM, Uma Venkatakrishnan
<uma at akhilainfo.co.in> wrote:
> Hi All,
>
> I am using fn:escapeXml() from JSTL core to escape character inputs in my
> jsps. I find that if a string with a '&' is escaped with &amp then when
> re-loading the page, it escapes it again and makes it '&&amp'. How to
> stop the double encoding in jsps.
>
> Please share any ideas.
>
> Thanks
> Uma
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>



-- 
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.


More information about the Esapi-user mailing list