
c:out tag

 
Savyatha Reddy
Greenhorn
Posts: 14
Hi Ranchers..
Could someone please explain the c:out tag and its attributes, especially the attribute named "escapeXml", and the scenarios in which this attribute is used?
Thanks in advance..
 
Christophe Verré
Sheriff
Posts: 14691
Did you try to look at the JSTL specification? I think it's clear enough.
 
Savyatha Reddy
Greenhorn
Posts: 14
Hi Christophe Verre,
Thanks for the reply..
Now I have referred to the spec and I am clear about the attributes of the c:out tag, but I am still unable to distinguish escapeXml = true and escapeXml = false. I understood that cross site hacking can be done by assigning false to the escapeXml attribute. Please illustrate how??
Thanks in advance!
 
Amruth Puppala
Ranch Hand
Posts: 295
Hi,
Example
<c:out value='${paramFromForm}' escapeXml='true' />

If "paramFromForm" has, say, "<b>some text</b>",
then the result would be displayed as is, i.e. "<b>some text</b>", not as some text in bold. It won't execute any HTML tags; they will be displayed as text.
Example 2
<c:out value='${paramFromForm}' escapeXml='false' />

Now the result would be bolded, like "some text".

About cross site hacking:
If we use escapeXml='true' and anyone inserts some hacking code inside the "paramFromForm" text field of the HTML page, let's say the text "<script>some hacking logic</script>", then since escapeXml='true' won't process/execute any HTML tags, it is displayed as it is. So "<script>some hacking logic</script>" will not be executed; it will be displayed as it is, like simple text. Hence cross site hacking cannot be done if we use escapeXml='true'.

Note: cross site hacking is a separate topic; if you are still not clear, you need to know about cross site hacking.

Hope this helps.

[ August 01, 2008: Message edited by: Chintu sirivennela ]
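The difference described in the post above, as an added Java example that is not part of the original thread: it mimics what `c:out` writes to the page for each `escapeXml` setting. The class and method names are hypothetical, the sample inputs are constructed, and the character replacements are the five listed in the JSTL specification.

```java
public class EscapeXmlDemo {
    // Hypothetical helper: the five replacements the JSTL spec lists for escapeXml="true".
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for <c:out value="${paramFromForm}" escapeXml="..."/>.
    static String cOut(String value, boolean escape) {
        if (value == null) return ""; // c:out writes an empty string for null with no default
        return escape ? escapeXml(value) : value;
    }

    public static void main(String[] args) {
        // Constructed sample values for the paramFromForm field.
        String[] samples = {
            "<b>some text</b>",
            "<script>some hacking logic</script>",
            "Tom & Jerry said \"hi\""
        };
        for (String s : samples) {
            // With true, the browser receives entities and shows the markup as text.
            System.out.println("escapeXml=true  : " + cOut(s, true));
            // With false, the browser receives the raw markup and interprets it.
            System.out.println("escapeXml=false : " + cOut(s, false));
            System.out.println();
        }
    }
}
```

`escapeXml` defaults to `true`, so the unescaped output only appears when the attribute is explicitly set to `false`. This encoding suits HTML body text and quoted attribute values; a value written inside a `<script>` block or a URL needs encoding for that context instead.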
 
Savyatha Reddy
Greenhorn
Posts: 14
Lucid explanation..
Very much grateful to you!
 
Vishal Chugh
Ranch Hand
Posts: 177
Thank you, I was searching for the same
 
Salim Khatib
Greenhorn
Posts: 23
Thanks for the explanation
 