I’m trying to provide a somewhat meaningful example of Why Can’t I Just HTML Entity Encode Untrusted Data?. I’d like the demo to work within a JSP (or other Java Based Templating Technology). Concreely, I’ve currently come up with the following example:
<html>
<head></head>
<body>
<script>