My application is being submitted to Veracode to identify flaws. I am facing a strange issue. Please check the code of my JSP below.

<script type="text/javascript">

    // My code before the Veracode static scan
    var userObj = ${userObj};
    var settingsObj = ${settingsObj};

    // I changed it like below and it is working, but the Veracode scan is giving an error.
    var userObj = <%= request.getAttribute("userObj") %>;
    var settingsObj = <%= request.getAttribute("settingsObj") %>;

    // My code after the Veracode static scan. The Veracode scan raised an issue with the above code, so I fixed it like below.
    var userObj = '<c:out value="${userObj}"/>';
    var settingsObj = '<c:out value="${settingsObj}"/>';
</script>

I have two objects, userObj and settingsObj; both are JSON objects. We send these objects as request attributes. When I assign the request attribute like ${var}, it is assigned as a JSON object and works as expected. If I assign it from the JSTL tag, it does not work as expected. It escapes the string like below.

Variable value with ${attrName} and <%= request.getAttribute("attrName") %>:

{"userName":"st_user"}

Variable value with c:out:

{&#034;userName&#034;:&#034;st_user&#034;}

How can I assign a JSON object to a JavaScript variable without escaping and without any extra parsing?

Jasper de Vries
user_27

0 Answers
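
Added example, not part of the original post: `c:out` applies XML entity escaping, which the browser does not decode inside a `<script>` element, so the value stops being usable JavaScript. One common approach is to leave the JSON as JSON and rewrite only the characters that matter to the HTML parser as backslash-u escapes. The class and method names below are hypothetical, and the request attribute is assumed to be a `String` holding already-serialized JSON.

```java
// Added example. ScriptJson and forScriptBlock are hypothetical names,
// not part of JSTL, the Servlet API or the poster's application.
public final class ScriptJson {

    private ScriptJson() {}

    /**
     * Re-encodes an already-serialized JSON document so it can be written
     * inside an inline script element. In valid JSON the rewritten
     * characters can only occur inside string values, where a backslash-u
     * escape is read back as the original character by both JSON parsers
     * and JavaScript engines, so no extra parsing is needed in the page.
     */
    public static String forScriptBlock(String json) {
        if (json == null) {
            return "null"; // renders as the JavaScript null literal
        }
        StringBuilder out = new StringBuilder(json.length() + 16);
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            switch (c) {
                case '<':      // would let a value close the script element
                case '>':
                case '&':
                case '\u2028': // line terminators in older JavaScript engines
                case '\u2029':
                    out.append(String.format("\\u%04x", (int) c));
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a user-controlled field containing a closing tag.
        String json = "{\"userName\":\"st_user</script>\"}";
        System.out.println(forScriptBlock(json));
    }
}
```

In the JSP this would be used as `var userObj = <%= ScriptJson.forScriptBlock((String) request.getAttribute("userObj")) %>;`, which keeps the value an object literal. Whether the static scanner recognizes a custom encoder as a sanitizer depends on how the scanner is configured.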