Posted over 5 years ago

For those who think these are the only characters that need to be escaped in HTML.

If I had a dollar for every HTML escaper that only escapes &, <, >, and ", I'd have $0. Because my account would've been pwned via XSS.
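An added example, not code from the linked post: an escaper limited to `&`, `<`, `>` and `"` leaves `'` untouched, so a value written into a single-quoted attribute can close the quote and introduce attributes of its own. The function names, the template and the sample input are constructed for illustration.

```javascript
// Incomplete escaper: handles only & < > " (the four characters named above).
function escapeFour(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Hardened variant: also encodes the single quote.
function escapeFive(s) {
  return escapeFour(s).replace(/'/g, "&#39;");
}

// Hypothetical template that happens to use single-quoted attributes.
function render(escaper, value) {
  return "<input type='text' value='" + escaper(value) + "'>";
}

// Small attribute tokenizer for one tag: returns the attribute names a
// parser would see, so a test can check that only the expected ones exist.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries attributes the template did not write.
function breaksOut(escaper, value) {
  const allowed = new Set(["type", "value"]);
  return attributeNames(render(escaper, value)).some((n) => !allowed.has(n));
}

// Constructed input: closes the quote and adds a harmless marker attribute.
const sample = "x' data-injected='1";

console.log(render(escapeFour, sample), breaksOut(escapeFour, sample));
console.log(render(escapeFive, sample), breaksOut(escapeFive, sample));
```

The same check can run as a regression test against any template helper: feed it quote characters and assert that the set of attribute names never grows.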


Marcos Zanona

Very good, thanks a lot!

over 5 years ago