JSP : JSTL 的 <c:out>标签

问题描述：

写一个JSP页面，究竟是做什么的?我注意到以下两者的结果相同:

Writing a JSP page, what exactly does the <c:out> do? I've noticed that the following both has the same result:

<p>The person's name is <c:out value="${person.name}" /></p>
<p>The person's name is ${person.name}</p>

答

c:out 转义 HTML 字符，以便您可以避免跨站点脚本.

c:out escapes HTML characters so that you can avoid cross-site scripting.

if person.name =

脚本将在第二种情况下执行，但在使用 c:out

the script will be executed in the second case, but not when using c:out