Final answer:
In EJS templates, '<%=' outputs values and escapes them for safety, while '<%' is used for JavaScript control flow operations like loops and conditionals.
Step-by-step explanation:
In EJS, or Embedded JavaScript templates, the difference between '<%=' and '<%' is significant. Option 2 is correct: '<%=' is used for outputting values to the template, and it automatically escapes the output, which means it converts characters that could be interpreted as HTML tags into their literal representations. This is important for preventing Cross-Site Scripting (XSS) attacks.
On the other hand, '<%' is used for control flow within the template, which includes JavaScript code for loops, conditionals, or any other logic that does not output content directly to the template.
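The difference between the two tags, shown as an added example that is not part of the original answer and is not EJS's own code: a simplified model in which the hypothetical `render`, `escapeHtml` and `demo` functions mimic how '<%' runs logic and '<%=' emits escaped output. The comment strings are constructed sample input.

```javascript
// Simplified model of the two EJS tags (illustration only, not the EJS library).

// Convert characters that could be read as markup into HTML entities.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Compile the template into a function body:
//   literal text  -> appended to the output as-is
//   <%= expr %>   -> expression is evaluated, escaped, then appended
//   <% code %>    -> code is placed in the body verbatim and outputs nothing itself
// The template is trusted code; only the data passed in is treated as untrusted.
function render(template, data) {
  const tag = /<%(=?)([\s\S]*?)%>/g;
  let body = 'let __out = "";\n';
  let last = 0;
  let m;
  while ((m = tag.exec(template)) !== null) {
    body += `__out += ${JSON.stringify(template.slice(last, m.index))};\n`;
    if (m[1] === '=') {
      body += `__out += __esc(${m[2].trim()});\n`; // output tag: escaped
    } else {
      body += m[2] + '\n';                         // control-flow tag: raw JS
    }
    last = tag.lastIndex;
  }
  body += `__out += ${JSON.stringify(template.slice(last))};\nreturn __out;`;
  const names = Object.keys(data);
  return new Function('__esc', ...names, body)(escapeHtml, ...names.map((k) => data[k]));
}

// '<%' drives the loop, '<%=' prints each item.
const template =
  '<ul><% for (const c of comments) { %><li><%= c %></li><% } %></ul>';

// Constructed sample data: the second entry stands in for untrusted user input.
const comments = ['nice post', '<script>alert(1)</script>'];

function demo() {
  return render(template, { comments });
}

console.log(demo());
```

The loop tags leave no trace in the result, and the second comment arrives in the page as inert text rather than as a script element.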