Six Cool New JSP and Servlet Features
Subject:   <c:out/> and escaping
Date:   2004-02-11 21:30:15
From:   pelletk
Thanks for the article - a good synopsis of highlights of the new features, and well-explained to boot.

I'd just like to point out that a bare EL statement such as ${foo} is not quite the equivalent of <c:out value='${foo]'/>

The distinction is that <c:out../> will escape XML characters by default (this can be turned off with escapeXml='false'), whereas ${foo} will leave the contents of foo untouched.

I've recently seen it suggested elsewhere that JSP 2.0 pages should replace all <c:out/> with ${...}. This could have serious side-effects if the content of the variables presented is not considered carefully with respect to escaping.

1 to 1 of 1
  1. <c:out/> and escaping
    2004-02-12 10:14:45  bperry [View]

    • <c:out/> and escaping
      2004-02-12 10:18:37  bperry [View]

      • <c:out/> and escaping
        2004-02-12 10:22:17  bperry [View]

        • <c:out/> and escaping
          2004-05-22 07:24:55  wanjm [View]

1 to 1 of 1