JSP expressions (using <%= ... %>) have been deprecated because they:
JSP Standard Tag Library (JSTL) and Expression Language should be used instead, enabiling the adoption of the model-view-controller (MVC) design pattern which reduces the coupling between the presentation tier and the business logic.
<input type="text" name="foo" value="<%= request.getParameter("foo") %>" />
<input type="text" name="foo" value="${fn:escapeXml(param.foo)}" />