Suppose you want to construct a JSP page that contains:
<jsp:setProperty name="user" property="id" value='<%= "id" + idValue %>'/>
Pick some otherwise unused Unicode characters to represent the character sequences that aren’t valid XML. For example, “«” for “<%=”, “»” for “%>”, and “·” for the explicit double quotes:
<jsp:setProperty name="user" property="id" value='« ·id· + idValue »'/>