JSP : JSTL's <c:out> tag

java jsp jstl tags
Steve Kuo picture Steve Kuo · Nov 14, 2008 · Viewed 223.9k times · Source

Writing a JSP page, what exactly does the <c:out> do? I've noticed that the following both has the same result:

<p>The person's name is <c:out value="${person.name}" /></p>
<p>The person's name is ${person.name}</p>

Answer

krosenvold picture krosenvold · Nov 14, 2008

c:out escapes HTML characters so that you can avoid cross-site scripting.

if person.name = <script>alert("Yo")</script>

the script will be executed in the second case, but not when using c:out

Related questions

JSTL if tag for equal strings

I've got a variable from an object on my JSP page: <%= ansokanInfo.getPSystem() %> The value of the variable is NAT which is correct and I want to apply certain page elements for this value. How do I use …

Read More
How to resolve : Can not find the tag library descriptor for "http://java.sun.com/jsp/jstl/core"

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ page import="com.library.controller.*"%> <%@ page import="com.library.dao.*" %> <%@ page import="java.util.*" %> <%@ page import="java.lang.*" %> <%@ …

Read More
How to do if-else in Thymeleaf?

What's the best way to do a simple if-else in Thymeleaf? I want to achieve in Thymeleaf the same effect as <c:choose> <c:when test="${potentially_complex_expression}"> <h2>Hello!</h2> &…

Read More