- Struts2
<s:property value="name" />
is automatically escaped by default; - JSTL
<c:out value="${name}" />
is automatically escaped by default; - JSP EL
${name}
is NOT escaped.
You can explicitly escape it with ${fn:escapeXml(name)}
, or set the escape to be performed by default creating a custom ELResolver as described in this great article: