jsp - Is usage of <c:out> tag with escapeXml="false" equivalent to not using <c:out> tag? -


i have read using <c:out> tag prevent xss attacks cases, example, displaying units superscript (kg/m3) using <c:out> displayed plain text sup tag (kg/m<sup>3</sup>). in order display properly, escapexml="false" has used.

<c:out value="${units}" escapexml="false></c:out> 

but wondering whether using <c:out> tag escapexml="false" equivalent not using <c:out> tag itself?

<c:out value="${units}" escapexml="false" /> 

this indeed equivalent not using <c:out>, only in jsp 2.0 or newer.

${units} 

in older jsp versions (jsp 1.x), el in template text above not supported , therefore <c:out> way print el expressions.

see also:


Comments

Popular posts from this blog

resizing Telegram inline keyboard -

command line - How can a Python program background itself? -

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -