问题
I'm using EJS with a Node.js web server I'm building. I see many EJS examples that sometimes use <%= when outputting HTML or strings, while other examples (sometimes within the same template) use <%-.
I tried to reference the EJS docs and getting started guide, but both gave no info about the <%- notation. Also, my Google search attempts yielded nothing useful. Thanks!
回答1:
The version of EJS you're likely using in Node is not the same as the version you see on Google code; in the Node version, <%= escapes the HTML going into the buffer, while <%- does not. source
回答2:
From http://ejs.co/:
<% 'Scriptlet' tag, for control-flow, no output
<%= Outputs the value into the template (HTML escaped)
<%- Outputs the unescaped value into the template
回答3:
With <%= you if would render some variables that holds a string that holds HTML code, it would not render that HTML code but render it as text to avoid cross-site scripting attacks.
With a minus ( <%- ) you can avoid this, and really render the HTML code.
来源:https://stackoverflow.com/questions/11024840/ejs-versus