是XmlFormat（）总是比htmlEditFormat（）？ [英] is XmlFormat() always better than htmlEditFormat()?

问题描述

今天在以下网址查看评论： http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm Rick Osborne

Saw a comment today at: http://www.bennadel.com/blog/2004-Escaping-Form-Values-Understanding-The-ColdFusion-htmlEditFormat-Life-Cycle.htm by Rick Osborne

我已开始移动学生从
htmlEditFormat 到 xmlFormat 。作为
你说，它捕获更多的字符，
，但它也有用的纯XML和
更快的类型。我无法通过htmlEditFormat将
与一个令人信服的理由连接到
。

I've started moving my students from htmlEditFormat over to xmlFormat. As you said, it catches more characters, but it's also useful for pure XML and is faster to type. I haven't been able to come up with a compelling reason to stick with htmlEditFormat.

我们都开始使用 XmlFormat（）？

推荐答案

更新：以下答案不再相关。我注意到使用XMLFormat（）over HTMLEditFormat（）是IE不解释&'; ，从而造成严重破坏。

UPDATE: the below answer is no longer relevant. What i've noticed by using XMLFormat() over HTMLEditFormat() is that IE doesn't interpret the ' and thus causing havoc.

在我看来，如果它捕获更多（如Jason Dean指出的单引号），从而使你的应用程序更安全，那么我会吃性能打击。在所有现实中，在即将到来的cfwheels 1.1版本中，有多少性能命中可能是... 1或2ms？

in my opinion, if it catches more (such as single quotes that Jason Dean pointed out) thus making your app safer, then i'll eat the performance hit. in all reality, how much of a performance hit could it possible be... 1 or 2ms?

，我添加了一个h这是htmleditformat（）方法的包装器。阅读两个ben和这个帖子后，我将切换到使用XMLFormat（）。

in the upcoming cfwheels 1.1 release, i added an h() method that was a wrapper for the htmleditformat() method. after reading both ben's and this post, i'm going to be switching it over to use XMLFormat() instead.

这篇关于是XmlFormat（）总是比htmlEditFormat（）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！