JSP programming best practice: Use the escapeXml attribute to preserve HTML formatting
By default, the value of the escapeXml attribute of the JSTL <c:out> tag is true. This default behavior ensures that HTML special characters, such as <, >, &, ', or ", contained in output strings are converted into their corresponding character entity codes and displayed properly in the HTML page produced by the JSP page. In some common WebSphere Commerce store scenarios, however, this behavior is counterproductive. One such scenario is the display of prices in globalized stores:
<c:out value="${product.listPrice}" />
As the Japanese yen symbol, , is displayed using the ¥ named character entity, the default conversion will result in the price of 3,544 being displayed as ¥3,544.
To prevent the conversion, escapeXml should be explicitly set to false as follows:
<c:out value="${product.listPrice}" escapeXml="false" />
Another common scenario is the display of user-supplied text, such as product descriptions or dynamic text messages. If you expect advanced users to use HTML tags for formatting, such as line breaks or bulleted lists, set the escapeXml attribute of the <c:out> tag used to display the text to false as in the following example:
<c:out value="${productPromotion.longDescriptionString}"
escapeXml="false" />