JSP: JSTL <c:out> tag

Problem description:

Writing a JSP page, what exactly does the <c:out> do? I've noticed that the following both have the same result:

<p>The person's name is <c:out value="${person.name}" /></p>
<p>The person's name is ${person.name}</p>


c:out escapes HTML characters so that you can avoid cross-site scripting.

If person.name = <script>alert("Yo")</script>

the script will be executed in the second case, but not when using c:out
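An added example, not part of the original question or answer and not JSTL's own source: a stand-alone Java sketch of the character escaping that <c:out> applies by default, run over the value from the answer above. The class and method names are illustrative assumptions.

```java
public class COutEscapeDemo {

    // Replaces the five characters that <c:out> escapes when escapeXml is
    // true (its default). Hypothetical helper written for this example.
    static String escapeXml(String s) {
        if (s == null) return "";            // <c:out> prints nothing for null
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, the same one used in the answer.
        String name = "<script>alert(\"Yo\")</script>";

        // Equivalent of: <p>The person's name is ${person.name}</p>
        String raw = "<p>The person's name is " + name + "</p>";
        // Equivalent of: <p>The person's name is <c:out value="${person.name}" /></p>
        String escaped = "<p>The person's name is " + escapeXml(name) + "</p>";

        System.out.println("raw EL : " + raw);      // browser parses a <script> element
        System.out.println("c:out  : " + escaped);  // browser shows the text literally

        // No markup delimiter from the value may survive escaping.
        if (escapeXml(name).matches(".*[<>\"'].*"))
            throw new AssertionError("unescaped delimiter in output");
        // Ordinary names are unchanged except for the escaped characters.
        if (!escapeXml("O'Brien & Sons").equals("O&#039;Brien &amp; Sons"))
            throw new AssertionError("unexpected escaping of a benign name");
    }
}
```

Setting escapeXml="false" on <c:out> turns this escaping off, so the tag then behaves like the bare ${person.name}.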