
URI encode and HTML encode

If I have XML/HTML data to post, we need to encode the data to avoid the XSS validation. So should we use HTMLencode or URI encoding for this?

If URI encoding is used, will it cause issues, as form POST automatically URI-encodes all the data before sending?

XSS is a problem caused by giving tainted data to the client. It can't be solved at the point where data is posted.

To protect against it, HTML encode the data (immediately) before placing it in an HTML document.

Remember: filter input, escape output.

  1. Always filter input before placing it in a database (to avoid SQL injection etc.).
  2. Escape output before sending it to the client by filtering / encoding any HTML in the dynamic content.
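
An added example (not part of the original question or answers) that traces one form field from POST to page: the form's URI encoding is undone by the server, so only HTML encoding at output time changes what the browser renders. The function names, the `/search` path and the sample input are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import parse_qs, quote, urlencode

SAMPLE = "<script>alert(1)</script>"  # constructed test input

def browser_form_post(fields):
    """Body a browser builds for an application/x-www-form-urlencoded POST."""
    return urlencode(fields)

def server_receive(body):
    """What the server-side framework hands the app: percent-encoding undone once."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def render_unsafe(comment):
    # Tainted data placed in HTML as-is: this is where XSS happens.
    return f"<p>{comment}</p>"

def render_comment(comment):
    # HTML-encode immediately before placing the value in the document.
    return f"<p>{html.escape(comment, quote=True)}</p>"

def render_search_link(term):
    # URI encoding belongs to the URL context: percent-encode the query
    # value, then HTML-encode the whole attribute value.
    href = "/search?q=" + quote(term, safe="")
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(term)}</a>'

if __name__ == "__main__":
    body = browser_form_post({"comment": SAMPLE})
    print("on the wire:   ", body)
    received = server_receive(body)["comment"]
    print("server sees:   ", received)  # original markup is back
    print("unsafe render: ", render_unsafe(received))
    print("safe render:   ", render_comment(received))
    # URI-encoding by hand before the POST gets encoded a second time by the
    # form; the server decodes once and keeps the percent-encoded text.
    twice = server_receive(browser_form_post({"comment": quote(SAMPLE)}))
    print("double encoded:", twice["comment"])
    print("link context:  ", render_search_link('a&b "c"'))
```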
