I'm using version jetty-9.3.0.v20150612 in an OSGI environment, with v2.5 of the Servlet specification. I've inherited a mass/mess of old Java Servlet code that works, that is replete with security issues. I'm trying to address some of the XSS issues by using JSTL. I've added the required JSTL directive at the top of the JSP files:
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
But when I first access this jsp page, it fails and I see the following in the error log:
2019-01-08 20:44:44,606 qtp1697835528-134 WARN org.eclipse.jetty.servlet.ServletHandler - org.apache.jasper.JasperException: /jsp/applicationsChoice.jsp(1,63) PWC6188: The absolute uri: http://java.sun.com/jsp/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application
at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:92)
I've seen many old references that suggest there was at one point in time issues with JSTL and the Jetty 9.x release. Is this old information? Can someone supply a pointer or two?
~~~~~~~~~~~~~~~~~~~
Tom Hoffman