Posted over 5 years ago
tlnt.co/p/oF

For those who think these are the only characters that need to be escaped in HTML.

If I had a dollar for every HTML escaper that only escapes &, <, >, and ", I'd have $0. Because my account would've been pwned via XSS.

You might also like

X-Tag: or how to cut your html in half by adding 28 lines of Javascript
Avoiding common HTML5 mistakes | HTML5 Doctor
Decoupling Your HTML, CSS, and JavaScript — Philip Walton

Comments

Default_thumb
Marcos Zanona

Very good, thanks a lot!

over 5 years ago   Like_icon 0 likes  

Talentopoly Newsletter

A once-weekly round-up of the best programming and design posts.

Join 2050+ subscribers

We will never spam or share your email address. Easily unsubscribe

Liked_post_header
Default_speck