In JSTL there are two ways to print the output:
<H1><c:out value="${theOutput}" /></H1>
AND
<H1>${theOutput}</H1>
What is the difference? And which one is the preferred way?
Thanks.
The difference between printf and print is the format argument. This is an expression whose value is taken as a string; it specifies how to output each of the other arguments. It is called the format string. The format string is very similar to that in the ISO C library function printf().
The cout object is used to display the output to the standard output device.
Both methods, c:out and JSP EL, will display output to the page; however, there is one major difference. The c:out tag will automatically escape XML output, which can prevent cross-site scripting. Using JSP EL (the second option) will not escape the output.
When displaying data which has been inputted by a user, use the c:out tag instead of JSP EL to prevent any malicious data input from displaying on the page.
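The difference described in the answer above, shown side by side as an added example that is not part of the original posts. It assumes the JSTL 1.2 taglib URIs (newer Jakarta releases use different URIs) and a constructed sample value for theOutput that stands in for user-supplied input.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%
    // Constructed sample value; in a real page this would come from a
    // request parameter, a form field or a database row.
    request.setAttribute("theOutput",
        "Tom & \"Jerry\" <script>alert(1)</script>");
%>
<html>
<body>

<%-- 1. Plain EL: the value is written to the response verbatim, so the
        browser parses the <script> element contained in the data. --%>
<h1>${theOutput}</h1>

<%-- 2. c:out: escapeXml defaults to true, so < > & ' " are emitted as
        &lt; &gt; &amp; &#039; &#034; and the value is shown as text. --%>
<h1><c:out value="${theOutput}" /></h1>

<%-- 3. c:out with escaping switched off behaves like plain EL. Audit
        every use of escapeXml="false" on values that can hold user data. --%>
<h1><c:out value="${theOutput}" escapeXml="false" /></h1>

<%-- 4. fn:escapeXml applies the same escaping inside an EL expression,
        which is convenient inside a quoted HTML attribute. --%>
<input type="text" name="echo" value="${fn:escapeXml(theOutput)}" />

<%-- 5. c:out also accepts a fallback for null values, which plain EL
        renders as an empty string. --%>
<p><c:out value="${notSet}" default="(no value)" /></p>

</body>
</html>
```

This escaping is correct for HTML element content and quoted attribute values; values placed inside script blocks, event handlers or URLs need encoding for that context instead.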