Anil Namde

Reputation: 6608

URI encode and HTML encode

If I have XML/HTML data to post, we need to encode the data to avoid the XSS validation. So should we use HTML encoding or URI encoding for this?

If URI encoding is used, will it cause issues, as a form POST automatically URI-encodes all the data before sending?

Upvotes: 0

Views: 703

Answers (2)

Mathias Bynens

Reputation: 149484

Remember: filter input, escape output.

  1. Always filter input before placing it in a database (to avoid SQL injection etc.).
  2. Escape output before sending it to the client by filtering / encoding any HTML in the dynamic content.

Upvotes: 1

Quentin

Reputation: 943100

XSS is a problem caused by giving tainted data to the client. It can't be solved at the point where data is posted.

To protect against it, HTML encode the data (immediately) before placing it in an HTML document.

Upvotes: 1
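The following is an added example, not code from either answer: it traces one form field through a POST to show that URI encoding is only a transport encoding the server undoes, while HTML encoding is applied at output. The field name `comment`, the helper names and the sample value are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlencode, parse_qs, quote

# Constructed sample input: markup a user might type into a form field.
SAMPLE = '<script>alert("x")</script> & more'


def browser_form_post(fields):
    """What a browser does for application/x-www-form-urlencoded:
    it URI-encodes every field of the body automatically."""
    return urlencode(fields)


def server_parse(body):
    """The server side reverses that transport encoding exactly once
    before the application sees the data."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def round_trip(value):
    """Value as the application receives it after a form POST."""
    return server_parse(browser_form_post({"comment": value}))["comment"]


def render_comment(value):
    """HTML-encode at the point of output, immediately before the value
    is placed into the HTML document."""
    return '<p class="comment">' + html.escape(value, quote=True) + "</p>"


def demo():
    received = round_trip(SAMPLE)            # identical to what was typed
    pre_encoded = round_trip(quote(SAMPLE))  # manual URI encoding before POST
    return {
        # URI encoding in transit changes nothing the application sees.
        "received": received,
        # Pre-encoding by hand only leaves percent-escapes in the stored data.
        "pre_encoded": pre_encoded,
        # Escaping at output is what makes the markup inert in the page.
        "page": render_comment(received),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
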
