Using Spring MVC with JSP:
After some reading, I came to the conclusion that if I print some value using ${someValue}, no HTML escaping is done. This is a problem since I want to print texts containing <, > etc.
The solution I am going to use is to replace all occurrences of this kind using the <c:out> tag, like
<c:out value="${someValue}" />
My question is: Why would I want to use the short form in the first place?
The only valid usage I'd imagine would be if I want to render the content of someValue as HTML (which in my opinion is rather the exceptional case).
EDIT: I've found another post which answers my question about when to use the short form; it can be found here: XSS prevention in JSP/Servlet web application
As stated in the link, it is important to wrap user-controlled input which is being re-displayed since this is the potential source for an attack.
So, if some value does not have any special characters (e.g. < or >) and is not a value generated or controlled by the user, the shorthand form ${someValue} can be used.
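The difference between the two forms in one JSP page, as an added example that is not part of the original post: the sample value set with c:set is constructed to stand in for user-controlled input (in a real Spring MVC application the controller would put it into the model), and the JSTL taglib URIs are the standard ones.

```jsp
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Constructed sample value standing in for re-displayed user input. --%>
<c:set var="someValue" value="<b>not bold</b> & &quot;quoted&quot;" />

<%-- 1. Raw EL: the value is written verbatim, so the browser interprets the
     tags. Only acceptable when the value is trusted markup the application
     itself produced, never for user-controlled input. --%>
<p>Raw EL: ${someValue}</p>

<%-- 2. c:out escapes <, >, &, ' and " by default (escapeXml="true"), so the
     markup is shown as text instead of being interpreted. --%>
<p>c:out: <c:out value="${someValue}" /></p>

<%-- 3. The same escaping as an EL function, convenient inside attribute
     values where a tag cannot be placed. --%>
<input type="text" value="${fn:escapeXml(someValue)}" />

<%-- 4. The exceptional case made explicit: opting out of escaping is a
     visible, reviewable decision rather than the silent default of ${...}. --%>
<div><c:out value="${someValue}" escapeXml="false" /></div>
```

Grepping templates for `${` that is not wrapped in c:out or fn:escapeXml is a quick way to find the spots where user-controlled values are still rendered raw.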