You want to validate your input anyway. If a user puts in <script> tags, then ERASE his input after the validation. Bare ${} is only dangerous if the items being evaluated are unsafe.
For instance, your bean.isIdiot is safe since you control bean. Of course, if you have a big team, requiring the use of <c:out> is an easier metric to enforce than only allowing safe usage of bare ${}.
Hyrum wrote:


So, if not using <c: blah blah is unsafe, even if Leon and Rick think it's ugly, and I don't want wicked users inserting script tags, am I stuck with the original <c:choose method? Or did I miss another option stuck in there somewhere? The choose method works, but is there a better way? If you wanna talk about ugly, I think


<c:choose>
        <c:when test="${bean.isIdiot}">Yes, I'm an Idiot</c:when>
        <c:otherwise>No, I'm not an Idiot</c:otherwise>
</c:choose>

Is WAY uglier than

${bean.isIdiot ? "Yes, I'm an Idiot" : "No, I'm not an Idiot"}

even if the ugly way is safer.  But that's just personal preference.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
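The difference the thread is arguing about, as an added example that is not part of the original messages: a small JSP page that renders the same untrusted value with bare ${}, with <c:out>, and with fn:escapeXml, and then shows the ternary from the thread wrapped in <c:out>. It assumes JSTL 1.1 or later is on the classpath; the comment string is a constructed attacker-style value standing in for request data, and isIdiot is a page-scoped boolean set here in place of the thread's bean.isIdiot.

```jsp
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Constructed attacker-style value; in a real page it would come from a
     form field or query parameter, not be set in the page itself. --%>
<c:set var="comment" value="<script>alert(document.cookie)</script>" />
<%-- Stand-in for the thread's bean.isIdiot: a boolean the page controls. --%>
<c:set var="isIdiot" value="${true}" />
<html><body>

<%-- 1. Bare EL writes the value verbatim, so the script tag is live HTML. --%>
<p>Unsafe: ${comment}</p>

<%-- 2. <c:out> has escapeXml="true" by default, so it emits
     &lt;script&gt;alert(document.cookie)&lt;/script&gt; and the browser
     renders it as text. --%>
<p>Safe: <c:out value="${comment}" /></p>

<%-- 3. The same escaping as an EL function, for anyone who dislikes the tag. --%>
<p>Safe: ${fn:escapeXml(comment)}</p>

<%-- 4. The ternary from the thread keeps its short form inside <c:out>.
     With a boolean you control the escaping changes nothing, but the
     output stays safe if the branches later become user-supplied text. --%>
<p><c:out value="${isIdiot ? 'Yes, I am an Idiot' : 'No, I am not an Idiot'}" /></p>

</body></html>
```

Only the first <p> executes the script; the other three show the same characters as literal text. Putting the whole expression inside <c:out value="..."/> gives the one-line ternary without giving up the escaping.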