Thanks,Page reload (redirect) is needed for the base URL to get updated without spl characters if there is one when it is invoked initially? Without page reload whether the URL will get updated without spl characters?
Initial URL with special char,
https://test.xxx.com/accountDisplay.jsp?accountName=%test"test1(=%
After replacing the special char and page reload, it should be displayed like below ,
https://test.xxx.com/accountDisplay.jsp?accountName=testtest1
are you telling without page reload also it is fine, there is no need to reaload/redirect the page with the updated request param . For example the below will replace the special char in accountName input passed to the page
<c:set var="accountName" value="${fn:replace(fn:replace(fn:replace(fn:replace(fn:replace(fn:replace(lmsRequest,'=',''),'"',''),'%', ''),'&',''),'(',''),')','')}"/>
and this accountName will be passed to the other links in the same page. Thats it there is no need to redirect the page to the same accountDisplay.jsp with the accountName displayed without spl characters so it is not susceptible to XSS? it will be like,
<c:set var="accountName" value="${fn:replace(fn:replace(fn:replace(fn:replace(fn:replace(fn:replace(lmsRequest,'=',''),'"',''),'%', ''),'&',''),'(',''),')','')}"/>
Redirect to -> <Redirect:XXX name="url" value="/test/xxx/accountDisplay?accountName=${accountName}" />
Please clarify here the reload is not needed and why?