I am receiving Using unsanitized JSP expression can lead to Cross Site Scripting (XSS) attacks even when it looks like I fixed the issue. I have many places where this is happening. Here is one example
<div class="prop-div" id="in-field-div" data-propid="<c:out value='${inFieldProp.inputFieldId}'/>">
In the same file, this line did not receive an error even though it looks to be the same
<input type="text" class="form-control in-field-prop"
id="if-input-name" name="inputName" data-prop="inputName"
value="<c:out value='${inFieldProp.inputName}'/>">
Here is the solution they said to apply. It looked like I had applied the solution:
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
${expression} <!-- don't use this -->
${fn:escapeXml(expression)} <!-- instead, escape it -->
<c:out value="${expression}" /> <!-- or use c:out -->