• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

what is escape="false" in outputText

 
Leonidas Savvides
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what is escape="false" in outputText ?
 
Koen Aerts
Ranch Hand
Posts: 344
Java Linux Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you "escape" the values, they are converted to an HTML-compliant representation, for instance:
- < will become &lt;
- > will become &gt;
- & will become &amp;
- etc.

When you disable this with 'escape="false"' then this conversion won't happen.
 
Brendan Healey
Ranch Hand
Posts: 218
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

The important thing to consider when using escape="false" is that you open yourself up to cross site scripting (XSS)
attacks, if the information being displayed is user entered.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic