Does HTML encoding prevent XSS security exploits?

后端 未结 3 1669
梦如初夏
梦如初夏 2021-02-13 20:10

By simply converting the following (\"the big 5\"):

& -> &
< -> <
> -> >
\" -> "
\' -> '
         


        
3条回答
  •  死守一世寂寞
    2021-02-13 20:25

    Counter measures depend on the context where the data is inserted in. If you insert the data into HTML, replacing the HTML meta character with escape sequences (i.e. character references) prevents inserting HTML code.

    But if your in another context (e.g. HTML attribute value that is interpreted as URL) you have additional meta characters with different escape sequences you have to deal with.

提交回复
热议问题