JSP : JSTL's <c:out> tag

java jsp jstl tags

Solution 1:

c:out escapes HTML characters so that you can avoid cross-site scripting.

if person.name = <script>alert("Yo")</script>

the script will be executed in the second case, but not when using c:out

Solution 2:

As said Will Wagner, in old version of jsp you should always use c:out to output dynamic text.

Moreover, using this syntax:

<c:out value="${person.name}">No name</c:out>

you can display the text "No name" when name is null.

Related

Ask for User Permission to Receive UILocalNotifications in iOS 8
POST JSON to API using Rails and HTTParty
Removing black dots from li and ul [duplicate]
Chrome violation : [Violation] Handler took 83ms of runtime
Is there an online name demangler for C++? [closed]
How to enable and disable upgradeInsecureRequests csp directive using Helmet 4.4.1 version node.js module
Closing an open workbook without knowing its full name [duplicate]
Basic Read CSV File Questions
CSS Selector for label bound to input
Elastic App Search Filter targeting CSV field
Why can void pointers be subtracted but not added?
How to concat a path + filename in python?