When I have a syntax error in an EL expression, the exceptions contains this text: Unable to parse the expression: org.apache.taglibs.standard.lang.jstl.parser.ParseException: Encountered "<EOF>" at line 1, column 18. Was expecting one of: "}" ... "." ... <GT> ... <LT> ... "==" ... <LE> ... <GE> ... "!=" ... "[" ... "+" ... "-" ... "*" ... <DIVIDE> ... <MODULUS> ... "and" ... "or" ... When this is displayed by the container in an HTML formatted error page (like the one used by Tomcat 4), the <GT>, <LT> etc. operators are not displayed. I suggest avoiding greater-than and less-than characters in all error messages (even though this could be fixed by the container if it encoded all exception messages).
It's extremely hard to find out which expression is invalid even in a modestly complex page with a few expressions. The line and column number in the exception message are confusing since they refer to the line/column in a single expression, not a line/column in the page (which is basically impossible to accomplish in JSP 1.2). I suggest the complete expression being parsed be included in the exception message. That would make it a lot easier to find out where the problem lies.
One more thought: isn't the TLV supposed to check EL syntax? If so, it should be able to report real line numbers for syntax errors using the jsp.id element for the action element (at least in a container that suppors jsp.id attributes). There may still be occasional EL runtime errors, so my previous comment about including the complete expression in the exception message still applies.
I've separated Hans' additional comments about including the complete expression in the error message to bug 7158
Regarding the original bug (exception contains HTML-like element), I don't think the JSTL is the right place to fix this. This really seems like it should be the container's responsibility, since the container is choosing to show the exception to the end user, and therefore should take on the responsibility of formatting the exception correctly. If we change our error message to be formatted to particular markup conventions, then we're making assumptions about how the exception will be displayed. For example, what if it's going to be displayed in two different formats, such as HTML and a log entry? Unless the container is responsible for the formatting, one of those outputs is going to look wrong.