I've switched to JSP 2.0 in my blog code and eliminated my JSTL <c:out> statements in favor of EL ${expressions}. It seems I'll only need to use <c:out> when I want to have it escape the XML entities in output, since EL doesn't filter at all. The new syntax is much nicer to use in the code, especially when used in an attribute of another HTML tag, such as an href.

Convincing Tomcat to interpret the JSP 2.0 expression language required me to switch to the new XMLSchema in place of the old web.xml DTD:

<web-app
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

To ensure that JSTL understood the embedded EL, I also needed to convert all my <%@taglib%> to import the _rt versions of the taglibs, so http://java.sun.com/jstl/core became http://java.sun.com/jstl/core_rt and http://java.sun.com/jstl/fmt became http://java.sun.com/jstl/fmt_rt.

I also managed to switch to valid XHTML Strict, and added a CSS check. Of course, now that I've deployed it, I notice that Struts' form tags aren't XHTML Strict compliant. *sigh* The name attribute on <form> is invalid.