I am reading some messages from a database and throwing them to a JSP page. When using Struts logic tags to render the message from the database, the message in the database allows HTML formatting, meaning if an HTML tag such as <table width="99%"> is used in the database message then it will render this HTML properly when using Struts logic tags. However, if JSTL is used to render the object (database message) then the HTML formatting is not rendered properly.
An example of the struts logic tags is:
<div class="textTitle"><bean:write name="blahBlah" filter="false" property="displayObjects[1].fieldName"/></div>
An example of the JSTL tag is:
<td width="30%" class="formOpt"><c:out value="${pubParam.fieldName}"/>:</td>
Notice I use c:out for JSTL and bean:write for the Struts tag.
Does anyone know why in JSTL the HTML formatting is not being rendered, yet is thrown to the page as is (meaning including the <table width="99%"> from the database message)?
The JSTL <c:out> tag by default escapes XML in the value attribute. So it prevents some unwanted code (XSS) from being rendered from the expression variable. In most cases you should not <c:out> HTML content that you want to be rendered. But there's a switch that you can use at your own risk.
<c:out value="${pubParam.fieldName}" escapeXml="false"/>
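What each setting sends to the browser for the message in the question, as an added Java example that is not part of the original answer. The escapeXml method below is a hand-written stand-in that reproduces the five-character replacement <c:out> applies by default, and the class name and sample messages are constructed for illustration.

```java
import java.util.List;

public class COutEscapingDemo {

    // Stand-in for the replacement <c:out> applies when escapeXml is true (the default):
    // < > & ' " become character entities, so the browser shows them as text.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    // What ends up in the response body for a value under each escapeXml setting.
    static String render(String value, boolean escapeXml) {
        if (value == null) return "";
        return escapeXml ? escapeXml(value) : value;
    }

    public static void main(String[] args) {
        // Constructed rows standing in for messages read from the database.
        List<String> messages = List.of(
            "<table width=\"99%\"><tr><td>Maintenance at 22:00</td></tr></table>",
            "Tom & Jerry's report",
            // Constructed: markup stored in the field that would run as script if written unescaped.
            "<script>alert(document.domain)</script>"
        );
        for (String m : messages) {
            System.out.println("stored          : " + m);
            System.out.println("escapeXml=true  : " + render(m, true));
            System.out.println("escapeXml=false : " + render(m, false));
            System.out.println();
        }
    }
}
```

With escapeXml="false" (and likewise filter="false" on bean:write) the third message reaches the page as live markup, so that setting is only appropriate for fields whose content is trusted or has been sanitized before storage or output.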