What are all the HTML escaping contexts?

后端 未结 5 1090
予麋鹿
予麋鹿 2021-02-09 03:45

When outputting HTML, there are several different places where text can be interpreted as control characters rather than as text literals. For example, in \"regular\" text (tha

5条回答
  •  鱼传尺愫
    2021-02-09 04:16

    If you are looking for the best practices to escape characters in web browsers (including HTML, JavaScript and style sheets), the XSS prevention cheat sheet by Michael Coates is probably what you're looking for. It includes a description of the different interpretation contexts, tables indicating how to encode characters in each context and code samples (using ESAPI).

    http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

提交回复
热议问题