发表新帖
发表新帖

What is the difference between escapeXml and escapeHtml?

后端 未结
关注
4 1865
情话喂你
情话喂你 2020-12-16 13:32

I would like to escape characters in JSP pages. Which is more suitable, escapeXml or escapeHtml?

4条回答
  • 有刺的猬
    有刺的猬 (楼主)
    2020-12-16 14:03

    There's no such thing as escapeHtml in JSP. You normally use (it by the way already defaults to true, so you can omit it) or fn:escapeXml() to escape HTML in JSP.

    E.g.

    It will escape them as XML entities which works perfectly fine in plain HTML as well. They are only literally called XML entities because HTML entities are invalid in XML.

    See also:

    • Java 5 HTML escaping To Prevent XSS
    • Escaping html in Java

    0 讨论(0)
 看不清?
提交回复
热议问题