If I have the xml/html data to post we need to encode the data to avoid the XSS validation. So should we use HTMLencode or URI encoding for this.
If URI encoding is used will it cause issues as form POST automatically URI encode all the data before sending.
XSS is a problem caused by giving tainted data to the client. It can't be solved at the point where data is posted.
To protect against it, HTML encode the data (immediately) before placing it in an HTML document.
Remember: filter input, escape output .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.