ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button
Article:
  Six Cool New JSP and Servlet Features
Subject:   <c:out/> and escaping
Date:   2004-02-11 21:30:15
From:   pelletk
Thanks for the article - a good synopsis of highlights of the new features, and well-explained to boot.


I'd just like to point out that a bare EL statement such as ${foo} is not quite the equivalent of <c:out value='${foo]'/>


The distinction is that <c:out../> will escape XML characters by default (this can be turned off with escapeXml='false'), whereas ${foo} will leave the contents of foo untouched.


I've recently seen it suggested elsewhere that JSP 2.0 pages should replace all <c:out/> with ${...}. This could have serious side-effects if the content of the variables presented is not considered carefully with respect to escaping.



1 to 1 of 1
1 to 1 of 1