On Sun, Sep 27, 2009 at 8:53 PM, Alex Turner <arm...@gmail.com> wrote:
> JSP may not be the slickest templating system, but it's easy and gets the > job done. > The problem I always found with JSP was that there was no way to get it to escape HTML by default (unless I tell it otherwise). This means I have to say <c:out value="foo" /> for every single variable. If I forget — boom, instant cross-site-scripting hole. It's quite likely that I've simply missed some configuration setting, but I didn't see it when I hunted for it. In the Perl world, I used HTML::Mason, which worked well and offered this feature. -Dom --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to javaposse@googlegroups.com To unsubscribe from this group, send email to javaposse+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/javaposse?hl=en -~----------~----~----~----~------~----~------~--~---