Question
In JSTL there are two ways to print the output -
<H1><c:out value="${theOutput}" /></H1>
AND
<H1>${theOutput}</H1>
What is the difference? And which one is the preferred way?
Thanks.
Answer 1:
Both methods, c:out and JSP EL, will display output to the page; however, there is one major difference. The c:out tag will automatically escape XML output, which can prevent cross-site scripting. Using JSP EL (the second option) will not escape the output.
When displaying data which has been inputted by a user, use the c:out tag instead of JSP EL to prevent any malicious data input from displaying on the page.
Source: https://stackoverflow.com/questions/18309728/difference-between-cout-and-print-the-output-using
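
The difference described in the answer, shown side by side as an added example that is not part of the original question or answer. It assumes the JSTL 1.2 taglib URIs and a hypothetical request parameter `q` as the user-controlled source of `theOutput`.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Assumption: the value comes from a hypothetical request parameter "q",
     so it is user-controlled. --%>
<c:set var="theOutput" value="${param.q}" />

<%-- Unescaped: plain EL in template text writes the value as-is, so any
     markup inside it becomes part of the page. --%>
<h1>${theOutput}</h1>

<%-- Escaped: c:out defaults to escapeXml="true" and replaces
     <  >  &  '  "   with   &lt;  &gt;  &amp;  &#039;  &#034; --%>
<h1><c:out value="${theOutput}" /></h1>

<%-- escapeXml="false" switches the escaping off, which is equivalent
     to the plain EL form above. --%>
<h1><c:out value="${theOutput}" escapeXml="false" /></h1>

<%-- c:out can also supply a fallback when the value is null. --%>
<h1><c:out value="${theOutput}" default="(no value)" /></h1>

<%-- Inside an HTML attribute, fn:escapeXml applies the same escaping
     without nesting a tag in the attribute. Keep the attribute quoted.
     This is HTML/XML entity escaping only; it is not the right encoding
     for values placed inside script blocks or URLs. --%>
<input type="text" name="q" value="${fn:escapeXml(theOutput)}" />
```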