Home Articles FAQs XREF Games Software Instant Books BBS About FOLDOC RFCs Feedback Sitemap

Feedback on: Creating 'Encoded' Name & Value Pairs, Tuesday May 08, 2007 at 13:01:40

You are here: irt.org | About | Feedback | 4545 [ previous next ]

Feedback on:
Creating 'Encoded' Name & Value Pairs

Sent by
vd on Tuesday May 08, 2007 at 13:01:40

Worth reading

Just right

Not technical enough

Unless I miss it, could you also cover the encoding of data before written out to the page. This is to prevent cross-site scripting. This includes 2 types:
1) Data written for rendering
2) Data written inside form value.

The item (2) needs to have the exact data if submit the form again. Also, javascript popup such as validation also must show correct user's perceived value, not encoded value.

In .net, there's HttpUtility.HtmlEncode function. I don't know one for Java.

Other feedback on 'Creating 'Encoded' Name & Value Pairs' - show all

©2018 Martin Webb