== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/commons-compiler.adoc[]

include::how-to-fix-it/jsp.adoc[]

include::how-to-fix-it/spring.adoc[]

== Resources

include::../common/resources/articles.adoc[]

include::../common/resources/standards.adoc[]

* CWE - https://cwe.mitre.org/data/definitions/917[CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting

"[varname]" is tainted (assignments and parameters)

this argument is tainted (method invocations)

the returned value is tainted (returns & method invocations results)


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]