thready
asked on
escape HTML literals to be sure there are no executable script hack attempts
Hi Experts,
Let's say I'm outputting something that I've taken input for previously. It's possible that someone tried to place executable JavaScript in that input field. I want to write a function that ensures a literal will not execute by escaping out the relevant characters.
Is there a standard way to do this? What's the best way?
Thanks,
Mike
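One way to write the function the question asks for, as an added example that is not part of the original thread: it replaces the five characters that can end a text node or a quoted attribute value, and wraps that in a tagged template so every interpolated value is escaped by default. The names `escapeHtml`, `html` and `renderComment` and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not from the thread): escape untrusted text for
// HTML element content and for quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  // Coerce first so numbers, null and undefined are handled as text too.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal markup passes through unchanged and
// every interpolated value is escaped, so a forgotten call cannot happen.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Hypothetical rendering helper: one value lands in a quoted attribute,
// the other in element content.
function renderComment(name, text) {
  return html`<p title="${name}">${text}</p>`;
}

// Constructed sample inputs, as they might arrive from a form field.
const sampleName = 'Mike" onmouseover="alert(1)';
const sampleText = '<script>alert("x")</script>';

console.log(renderComment(sampleName, sampleText));
```

This covers element content and quoted attribute values only. Values placed inside `<script>` blocks, URLs (`href`, `src`) or CSS need their own context-specific encoding or validation.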
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone!
You're welcome. On several sites, I've had to kill the HTML5 crap because it did it wrong for what was needed. 'Automatically' usually means that you have fixed all the problems and now it works 'automatically'.
LOL... when was the last time anything was delivered by any major software vendor without bugs?
Cd&
Oh... yesterday between 4:03 and 4:04 AM... Never. And the biggest bug of all has always been 'them' believing without any evidence that they knew what was needed. As has been said... the nice thing about standards is that there are so many of them to choose from.
Cd&