EL and Cross Site Scripting attacks - JSP 2 functions to the rescue 2 Posted by Michael Studman Tue, 01 Jun 2004 03:00:00 GMT The JSP expression language (EL) has made writing JSPs so much more pleasurable but like standard JSP expressions you need to take care they don't expose your site to Cross Site Scripting (XSS) attacks. JSP 2.0, however, gives us a way to ensure our JSPs are both XSS-safe