To avoid cross-site scripting (XSS) attacks, EJS escapes any JavaScript code included within the ______ tags by default.
- <%= %>
- {{ }}
- {% %}
- ()()
In EJS, to avoid XSS attacks, JavaScript code is escaped by default when placed within <%= %> tags. This means that any code within these tags will be treated as plain text and not executed. The other options are not used for escaping JavaScript code in EJS.
Loading...
Related Quiz
- How can you handle error responses in Express for cleaner error reporting?
- How can you execute a block of code multiple times, as long as a specified condition is true, in JavaScript?
- You are developing a Node.js application where you need to perform a specific action immediately after the current operation completes. How would you use the process object to schedule this action?
- What type of files are generally served as static files in Express.js?
- What are the best practices for error handling in a large-scale Node.js application?