Reputation:
what is c:out used for in jsp
I have seen something like
<c:out something
</c:out>
what is this used for
Upvotes: 2
Views: 3821
Answers (3)
Reputation: 61031
This tag is used to output data directly to the page. It is useful if you have a variable you want to display to the user. By default c:out escapes html characters so that you are protected against an XSS attack.
Another feature is that you can provide a "default" string in the event that your expression is null:
<c:out value="${foo.bar}">Foobar is null!</c:out>
Upvotes: 2
Reputation: 274650
c:out can be used to print variables AND escapes HTML characters so is safer.
It is also useful for displaying default text when the variable is null.
e.g.
<c:out value="${variable}">variable is null</c:out>
will display "variable is null" if variable is not set.
Upvotes: 1
Reputation: 1108852
It is used to print server-side variables while taking HTML/XML escaping into account. When applying this on user-controlled input (request parameters, headers, cookies, saved data, etc), this will prevent your site from potential XSS attack holes.
If the data-to-be-displayed is in no way controlled by the enduser and you're using JSP 2.0 or newer (web.xml is declared as Servlet 2.4 or newer and the container supports it), then you can also just use
${bean.property}
instead of
<c:out value="${bean.property}" />
See also:
Upvotes: 5
Related Questions
- C:out tag in jstl
- c:out and ${} in JSP file
- JSP : JSTL's <c:out> tag
- <c:out/> single quote vs double quote. What is the difference?
- Whats this "c:" all about?
- Difference between c:out and print the output using $
- Where System.out writes in a servlet?
- JSP c:out instruction is not processed
- Must use <c:out> in Sun App Server 8.2?
- JSP/JSTL using or not using <c:out> tags