Fixing Cross-site Scripting in Java
Use when the parameter is being echoed:
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<p>Welcome <c:out value="${user.name}" /></p>

Use while taking the user input:

<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<input name="username" value="${fn:escapeXml(param.username)}">
I want a solution for the above samples.
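What the two tags in the samples do to a value, as an added example that is not part of the original post: the `escapeXml` method below is a stand-alone model of the five-character replacement that `<c:out>` (with its default `escapeXml="true"`) and `fn:escapeXml` apply. The class name and the input strings are constructed for illustration.

```java
// Added example: models the output escaping done by <c:out> and fn:escapeXml.
// EscapeXmlDemo and the sample inputs are constructed, not taken from the post.
public class EscapeXmlDemo {

    // Replaces the five characters JSTL escapes; all other characters pass through.
    static String escapeXml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed values standing in for ${user.name} and ${param.username}.
        String name = "<script>alert(1)</script>";
        String username = "\"><script>alert(1)</script>";

        // Echoed into element content: raw EL output versus <c:out>.
        System.out.println("raw    : <p>Welcome " + name + "</p>");
        System.out.println("escaped: <p>Welcome " + escapeXml(name) + "</p>");

        // Echoed into a quoted attribute: raw EL output versus fn:escapeXml.
        System.out.println("raw    : <input name=\"username\" value=\"" + username + "\">");
        System.out.println("escaped: <input name=\"username\" value=\""
                + escapeXml(username) + "\">");

        // In the escaped lines the browser sees text, not markup: the tag
        // delimiters and the attribute-closing quote are now character references.
    }
}
```

This encoding fits HTML element content and quoted attribute values, the two contexts in the samples. Values written into script blocks, URLs or unquoted attributes need encoding suited to that context instead.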