XmlFormat() 总是比 htmlEditFormat() 更好吗? [英] is XmlFormat() always better than htmlEditFormat()?

问题描述

今天在以下位置看到评论:http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm by 里克·奥斯本

Saw a comment today at: http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm by Rick Osborne

我已经开始让我的学生从htmlEditFormat 到 xmlFormat.作为你说，它捕捉到更多的字符，但它对于纯 XML 和打字速度更快.我没能想出一个令人信服的理由坚持使用 htmlEditFormat.

I've started moving my students from htmlEditFormat over to xmlFormat. As you said, it catches more characters, but it's also useful for pure XML and is faster to type. I haven't been able to come up with a compelling reason to stick with htmlEditFormat.

我们都应该开始使用 XmlFormat() 吗?除了性能稍慢之外，您能想出一个令人信服的理由"吗?

Should we all start using XmlFormat()? Can you think of a "compelling reason" other than maybe slightly slower in performance?

推荐答案

更新: 以下答案不再相关.我注意到通过在 HTMLEditFormat() 上使用 XMLFormat() 是 IE 不解释 ' 并因此造成严重破坏.

UPDATE: the below answer is no longer relevant. What i've noticed by using XMLFormat() over HTMLEditFormat() is that IE doesn't interpret the ' and thus causing havoc.

在我看来，如果它捕获更多(例如 Jason Dean 指出的单引号)从而使您的应用程序更安全，那么我会吃掉性能损失.实际上，1 毫秒或 2 毫秒可能会对性能造成多大影响?

in my opinion, if it catches more (such as single quotes that Jason Dean pointed out) thus making your app safer, then i'll eat the performance hit. in all reality, how much of a performance hit could it possible be... 1 or 2ms?

在即将发布的 cfwheels 1.1 版本中，我添加了一个 h() 方法，它是 htmleditformat() 方法的包装器.在阅读了本和这篇文章之后，我将把它切换到使用 XMLFormat() 来代替.

in the upcoming cfwheels 1.1 release, i added an h() method that was a wrapper for the htmleditformat() method. after reading both ben's and this post, i'm going to be switching it over to use XMLFormat() instead.

这篇关于XmlFormat() 总是比 htmlEditFormat() 更好吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！