We currently render web UI views with JSP/JSTL. This makes consistent output encoding difficult and increases security risk when raw EL output is used in different contexts (HTML, attributes, URLs).
Motivation
- Move toward a modern Spring-aligned view stack.
- Simplify template composition and long-term maintainability.
- Improve security safety baseline.
- Reduce manual context-encoding mistakes in JSP EL output.
Out of scope
- UI redesign.
- Controller endpoint redesign.
- Business logic changes unrelated to templating.
Reference: #1733 (comment)
We currently render web UI views with JSP/JSTL. This makes consistent output encoding difficult and increases security risk when raw EL output is used in different contexts (HTML, attributes, URLs).
Motivation
Out of scope
Reference: #1733 (comment)