I was skimming through the JSP 2.0 specification's EL part (page 1-65).
I cannot understand the "to help prevent cross-site scripting attacks" part of the following lines.
"The semantics of an EL expression are the same as with Java expressions: the value is computed and inserted into the current output. In cases where escaping is desired (for example, to help prevent cross-site scripting attacks), the JSTL core tag <c:out> can be used."
How do cross-site scripting attacks occur if we use expressions, and how are they prevented in EL?
Thanks in advance.
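
The difference the quoted specification passage describes, as an added example that is not part of the original post or the specification: one JSP page that writes the same request parameter with a raw EL expression and with <c:out>. The parameter name "name" and the page layout are assumptions; the taglib URIs are the JSTL 1.1 ones used with JSP 2.0.

```jsp
<%-- Added example; the "name" request parameter and page layout are assumptions. --%>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<html>
<body>

<%-- 1. Raw EL: the value is written to the response unchanged, so any markup
        in the request parameter becomes part of the page the browser parses. --%>
<p>Hello, ${param.name}</p>

<%-- 2. c:out with the default escapeXml="true": the characters < > & ' " are
        written as &lt; &gt; &amp; &#039; &#034;, so the value renders as text. --%>
<p>Hello, <c:out value="${param.name}"/></p>

<%-- 3. The same escaping as an EL function, for use inside an attribute value. --%>
<input type="text" name="name" value="${fn:escapeXml(param.name)}"/>

<%-- 4. escapeXml="false" switches the escaping off; this behaves like case 1. --%>
<p>Hello, <c:out value="${param.name}" escapeXml="false"/></p>

</body>
</html>
```

Requested with a name value of <b>x</b>, cases 1 and 4 render a bold x because the browser interprets the tags, while cases 2 and 3 show the tags as literal text.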