Hi Everyone,
We are having trouble with a Spring project. We are trying to do this:
<form:form action='...'>
<form:input type="hidden" ... value="${someValue}" />
</form:form>
We want to encode for 'value', so we think we need something like
this, using a JSP expression:
value="<%= ESAPI.encoder().encodeForHTMLAttribute(${someValue}) %>"
However, ${someValue} is because Spring has not performed its
translations when ESAPI.encoder().encodeForHTMLAttribute is
translated.
I think it is this problem:
https://stackoverflow.com/questions/21164915/esapi-implementation-for-spring-form-tags.
What does ESAPI recommend for a Spring framework project?
Jeff