html-encode

Do I need to encode attribute values in MVC Razor?

巧了我就是萌 提交于 2021-02-19 01:14:39
问题 In a cshtml file, I'm assigning a string to an attribute. For example: <input name="somename" value="@Model.Value"> Since @Model.Value string could contain any Unicode character, obviously the string must be encoded. Will Razor encode this value automatically? I'm guessing it won't or can't because I could easily put a @Html.Raw immediately after it to break up the whole thing into two tags. I think what I need to do is this: <input name="somename" value="@Html.Raw(Html.AttributeEncode(Model

Do I need to encode attribute values in MVC Razor?

天大地大妈咪最大 提交于 2021-02-19 01:12:42
问题 In a cshtml file, I'm assigning a string to an attribute. For example: <input name="somename" value="@Model.Value"> Since @Model.Value string could contain any Unicode character, obviously the string must be encoded. Will Razor encode this value automatically? I'm guessing it won't or can't because I could easily put a @Html.Raw immediately after it to break up the whole thing into two tags. I think what I need to do is this: <input name="somename" value="@Html.Raw(Html.AttributeEncode(Model

Should I HTML encode response of my Web API

て烟熏妆下的殇ゞ 提交于 2020-02-29 17:07:49
问题 I am designing a Web API which returns JSON as the content-type, the response body could contain characters like ' , " , < and > , they are valid characters in JSON. So, my question is should I do HTML encode for my Web API response body or should I leave this task to HTML client who is consuming my Web API? 回答1: No; you must not. You must only escape data if and when you concatenate it into a structured format. If you return JSON like { "text": "Content by X & Y" } , anyone who reads that

Should I HTML encode response of my Web API

对着背影说爱祢 提交于 2020-02-29 17:07:04
问题 I am designing a Web API which returns JSON as the content-type, the response body could contain characters like ' , " , < and > , they are valid characters in JSON. So, my question is should I do HTML encode for my Web API response body or should I leave this task to HTML client who is consuming my Web API? 回答1: No; you must not. You must only escape data if and when you concatenate it into a structured format. If you return JSON like { "text": "Content by X & Y" } , anyone who reads that

What do I need to escape inside the html <pre> tag

可紊 提交于 2020-02-26 11:33:10
问题 I use the <pre> tag in my blog to post code. I know I have to change < to < and > to > . Are any other characters I need to escape for correct html? 回答1: What happens if you use the <pre> tag to display HTML markup on your blog: <pre>Use a <span style="background: yellow;">span tag with style attribute</span> to hightlight words</pre> This will pass HTML validation, but does it produce the expected result? No . The correct way is: <pre>Use a <span style="background: yellow;">span tag with

What do I need to escape inside the html <pre> tag

时光总嘲笑我的痴心妄想 提交于 2020-02-26 11:33:06
问题 I use the <pre> tag in my blog to post code. I know I have to change < to < and > to > . Are any other characters I need to escape for correct html? 回答1: What happens if you use the <pre> tag to display HTML markup on your blog: <pre>Use a <span style="background: yellow;">span tag with style attribute</span> to hightlight words</pre> This will pass HTML validation, but does it produce the expected result? No . The correct way is: <pre>Use a <span style="background: yellow;">span tag with

How do I display html encoded values in svg?

假装没事ソ 提交于 2020-01-28 10:55:05
问题 I am using d3 to generate svg and end up with markup similar to the following: <text class="rule" text-anchor="middle">&pound;10K</text> Compare to similar html that renders as expected. <div> £20,160 - £48,069 </div> Is there a property I need to set on the svg tag to get a similar type of encoding? I tried adding a meta tag to the page <meta name="content" content="application/xhtml+xml; charset=utf-8" /> but this did not work. 回答1: HTML entities are not defined in SVG. You can either use

html_entity_decode problem in PHP?

倾然丶 夕夏残阳落幕 提交于 2020-01-20 18:36:25
问题 I am trying to convert HTML entities from a source string to their literal character equivalent. For example: <?php $string = "Hello – World"; $converted = html_entity_decode($string); ?> Whilst this rightly converts the entity on screen, when I look at the HTML code it is still showing the explicit entity. I need to change that so that it literally converts the entity as I am not using the string within an HTML page. Any ideas on what I am doing wrong? FYI I am sending the converted string

HTML entity encoding (convert '<' to '<') on iPhone in objective-c

╄→尐↘猪︶ㄣ 提交于 2020-01-19 07:56:47
问题 I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts. Basically I search for something like this: // inits NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."]; // ----- THAT'S WHAT I'M LOOKING FOR // pseudo-code | // V NSString *htmlEncodedString = [sourceString htmlEncode]; // log NSLog(@"source

HTML entity encoding (convert '<' to '<') on iPhone in objective-c

本秂侑毒 提交于 2020-01-19 07:56:07
问题 I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts. Basically I search for something like this: // inits NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."]; // ----- THAT'S WHAT I'M LOOKING FOR // pseudo-code | // V NSString *htmlEncodedString = [sourceString htmlEncode]; // log NSLog(@"source