Hi all,
I am trying to inject HTML to the view using jstl but it is not being rendered as HTML but as plain text. Here is a sample of what I am using



<c:set var="msg" value="hi <b>Test</b>!" />

<c:out value='${msg}' escapeXml="true" /> <br><br>

<c:out value='${msg}' escapeXml="false" /> <br><br>

${msg}


and my output in the view is



hi &lt;b&gt;Test&lt;/b&gt;!

hi <b>Test</b>!

hi <b>Test</b>!


What I would like to do is display the word "Test" in bold. I am using Spring 3.

Thanks in advance.

Probably your markup is being rendered as plain text because of wrong content-type.

Try adding this JSP directive to your view:

<jsp:directive.page contentType="text/html;charset=UTF-8" />

It may sound silly, but do you have the relevant <html> tags etc. in your JSP page?

Hi,

Thank you very much for responding to my question.

My post seem to be awaiting moderation (maybe because of a few links). So here is the solution I found.

I am using the Appfuse framework with Spring 3. In the web.xml I found a Listener called EscapeXmlELResolverListener (http://static.appfuse.org/appfuse-web/appfuse-web-common/apidocs/org/appfuse/webapp/jsp/EscapeXmlELResolverListener.html), and according to the Javadoc it "Registers ELResolver that escapes XML in EL expression String values." This was what was causing the issue. After commenting out the configuration the code worked as expected.

It seems like this filter is used to prevent xss attacks, but we've decide to remove this because we use EL heavily in the views. As an alternative (http://www.hdiv.org/) might be useful. Haven't looked at the documentation, but hoping to use this to prevent xss attacks.

Hope this was useful.

Thanks.