Detects unescaped EL in JSP pages that may lead to cross-site scripting (XSS) vulnerability. Provides fixes to wrap EL in JSTL "out" tag or mark this usage as safe.