
I am following this Google App Engine tutorial. I have a JSP file where I use ${fn:escapeXml(var)} to put the value of the String variable var into the HTML code that will be generated. However, the resulting HTML code does not put anything at that place. I confirmed it using the "view source" option in Chrome.

Following is my jsp code:

<%@page import="java.util.List"%>

<%@page import="com.google.appengine.api.datastore.Query"%>
<%@ page import="com.google.appengine.api.datastore.DatastoreService"%>
<%@ page import="com.google.appengine.api.datastore.DatastoreServiceFactory"%>
<%@ page import="com.google.appengine.api.datastore.Entity"%>
<%@ page import="com.google.appengine.api.datastore.FetchOptions"%>
<%@ page import="com.google.appengine.api.datastore.Key"%>
<%@ page import="com.google.appengine.api.datastore.KeyFactory"%>


<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<% String var = "asd";  %>
    
value of var:"${fn:escapeXml(var)}"
</body>
</html>

Following is the HTML code that appears upon clicking "view source" in Chrome:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>

    
value of var:"" 
</body>
</html>
Roman C
vishalaksh

3 Answers

3

A scriptlet variable is not available in EL scopes. Try

<%-- the JSTL core taglib is needed for c:set; declare it at the top of the page --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<c:set var="c"><%=var%></c:set>
value of var:"${fn:escapeXml(c)}"
Roman C
  • +1 but try to avoid scriptlets. – Braj Jun 15 '14 at 17:09
  • @Braj Do you know what is a scriptlet? – Roman C Jun 15 '14 at 17:21
  • What is this `<%=var%>` – Braj Jun 15 '14 at 17:32
  • There are three types of scripting elements: 1.) scriptlet tag `<%...%>` 2.) expression tag `<%=...%>` 3.) declaration tag `<%!...%>` – Braj Jun 15 '14 at 17:45
  • I don't understand what a _scripting element_ is and which option(s) are used for scriptlets. Navigating question: how many Java statements can a scriptlet contain? – Roman C Jun 15 '14 at 18:06
  • In simple terms I am talking about any use of `<% %>` in JSP. That's all. If you love it then no worry, just use it. Please have a look at this [post](http://stackoverflow.com/questions/3177733/how-to-avoid-java-code-in-jsp-files) and especially read the first line of the answer. – Braj Jun 15 '14 at 18:21
  • This is your option 1, but I didn't use it, I've used your option 2. As far as I know JSP it's a JSP expression and not a tag, the tag is ``. – Roman C Jun 15 '14 at 18:30
  • @Braj I know already (about a decade) since Struts tags have been introduced, all presentation logic moved to tags (nowadays it's moved to HTML5, CSS3, and JavaScript) and business logic moved to a business layer. But this is not a question about best practices or the best framework or the best taglib to use instead of scriptlets. – Roman C Jun 15 '14 at 18:48
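As an added example (not code from the question or from Roman C's answer), here is the complete fixed page. It shows the three cases side by side: the scriptlet local read directly by EL (empty, as in the question), the same value copied into a page-scope attribute by `<c:set>`, and the same copy done by hand with `pageContext.setAttribute`, which is what `<c:set>` does underneath. It assumes only that JSTL is on the classpath; the attribute names `c` and `c2` are arbitrary.

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<!DOCTYPE html>
<html>
<head><title>EL scope example</title></head>
<body>
<%-- A scriptlet variable is a Java local inside the generated _jspService()
     method. EL never sees Java locals: it resolves a bare name against the
     page, request, session and application attribute maps, in that order. --%>
<% String var = "asd"; %>

<%-- 1. name not found in any scope: EL coerces null to "" --%>
<p>1. scriptlet local via EL: "${fn:escapeXml(var)}"</p>

<%-- 2. c:set evaluates its body and stores the result as a page-scope attribute --%>
<c:set var="c"><%=var%></c:set>
<p>2. via c:set: "${fn:escapeXml(c)}"</p>

<%-- 3. the same thing done by hand, which is what c:set does internally --%>
<% pageContext.setAttribute("c2", var); %>
<p>3. via pageContext.setAttribute: "${fn:escapeXml(c2)}"</p>
</body>
</html>
```

In the rendered source, paragraph 1 carries an empty string exactly like the question's output, while paragraphs 2 and 3 carry asd. `<c:set>` also accepts a `scope` attribute if the value must outlive the page (for example `scope="request"` before a forward).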
2

You should avoid scriptlets altogether and use JSTL/EL to prepare this variable, as you are already using them for the function.

I suggest you use the JavaServer Pages Standard Tag Library or Expression Language instead of scriptlets; they are easier to use and less error prone.

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<c:set var="value" value="asd"/>
value of var:"${fn:escapeXml(value)}"

You might be interested in this one as well:

<c:out value="value" [escapeXml="{true|false}"] [default="defaultValue"] />

Read more

Braj
0

In JSP/Java you should use this code:

In JSP/HTML:

<%-- single quotes inside alert(): nested double quotes would terminate the value attribute early --%>
<c:out value="TR tag </tr> Script Tag <script>alert('hello Rahul')</script>" escapeXml="true" />

In Java:

import org.springframework.web.util.HtmlUtils;

// HtmlUtils.htmlEscape turns <, >, &, " and ' into entity references (closing parenthesis restored)
System.out.println(HtmlUtils.htmlEscape("TR tag </tr> Script Tag <script>alert('hello Rahul')"));
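As an added example (not from the third answer or from anything else on this page), the following page feeds one constructed untrusted value, the same kind of markup the answer escapes, through the three output paths this page discusses, so the difference between raw EL, `fn:escapeXml` and `<c:out>` is visible in a single "view source". The value is set with `<c:set>` purely to keep the page self-contained; in a real application it would arrive from a request parameter or a datastore entity, which is exactly when the escaping matters.

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<%-- Constructed sample input standing in for an untrusted value (request
     parameter, datastore field, ...). Single quotes inside alert() keep the
     literal from colliding with the attribute's double quotes. --%>
<c:set var="untrusted" value="TR tag </tr> Script Tag <script>alert('hello')</script>"/>
<!DOCTYPE html>
<html>
<head><title>Output escaping example</title></head>
<body>
<table><tr><td>
<%-- UNSAFE ("before" state): raw EL writes the markup unchanged, so the
     browser closes the row early and executes the script. Never use this
     form for data that anyone other than the page author controls. --%>
${untrusted}
</td></tr></table>

<%-- SAFE: fn:escapeXml rewrites < > & ' and " as entity references, so the
     browser displays the text instead of parsing it as markup --%>
<p>${fn:escapeXml(untrusted)}</p>

<%-- SAFE: c:out escapes by default; escapeXml="true" is the default value,
     and writing escapeXml="false" would reproduce the unsafe line above --%>
<p><c:out value="${untrusted}"/></p>
</body>
</html>
```

In the page source, the table cell carries the literal tags while both paragraphs carry `&lt;script&gt;...` text. Both `fn:escapeXml` and `<c:out>` are HTML-body and quoted-attribute encoders; a value placed inside an existing `<script>` block, an event-handler attribute, a CSS value or a URL needs the encoder for that context instead, since HTML entity escaping does not make it safe there.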