>>greater-than"> >>greater-than">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

HTML and JS Escaping HowTo. What is escaping ? Escaping is a way to differentiate between characters used as part of syntax of a language and data. Eg:

Published byKerry Tate Modified over 9 years ago

Similar presentations

Presentation on theme: "HTML and JS Escaping HowTo. What is escaping ? Escaping is a way to differentiate between characters used as part of syntax of a language and data. Eg:"— Presentation transcript:

1 HTML and JS Escaping HowTo

2 What is escaping ? Escaping is a way to differentiate between characters used as part of syntax of a language and data. Eg: Java: String name="My name is \""; Javascript: Var name= "My name is \""; Html :

3 HTML Escaping Reserved Characters in HTML HTML and XHTML processors must support the five special characters listed in the table below: CharacterEntity NumberEntity NameDescription """quotation mark ''&apos;apostrophe &&&ampersand <<<less-than >>>greater-than

4 Javascript Escaping in Javascript you can use single quote(') or double quote as delimiter for strings. So If you have either double quote or single quote in the value it should be escaped as follows var iAmSingleQuote='\''; var iAmDoubleQuote="\"";

5 HTML & JS Escaping In case we need Both javascript HTML escaping do javascript escaping first and then do HTML Escaping Original -------------- Corrected with HTML and Javascript escaping ----------------------------------------------------------------

6 URL Encoding Why :RFC 1738: Uniform Resource Locators (URL) specification The specification for URLs (RFC 1738, Dec. '94) limits the use of allowed characters in URLs to only a limited subset of the US-ASCII character set: "...Only alphanumerics [0-9a-zA-Z], the special characters "$-_.+!*'()," [not including the quotes - ed], and reserved characters used for their reserved purposes may be used unencoded within a URL." URL encoding of a character consists of a "%" symbol, followed by the two- digit hexadecimal representation (case-insensitive) of the ISO-Latin code point for the character.ISO-Latin Eg : Use the javascript method encodeURIComponent() to encode all parameter values in URLs and encodeURI() to encode the whole URL. escape() method in javascript is deprecated and shouldn't be used.

7 Recommendation: HTML Escaping Use standard tag libraries like JSTL and Spring Tags.They handle escaping by default.They have boolean attributes related to escaping which are by default true. Eg : Spring form tag JSTL out tag

8 Recommendation: Javascript Escaping Get values from the Dom as much as possible and avoid assigning values from server side

9 Reference http://xkr.us/articles/javascript/encode-compare/#ref-js-ns http://www.permadi.com/tutorial/urlEncoding/ http://www.blooberry.com/indexdot/html/topics/urlencoding. htm http://www.w3.org/TR/REC-html40/sgml/entities.html

Download ppt "HTML and JS Escaping HowTo. What is escaping ? Escaping is a way to differentiate between characters used as part of syntax of a language and data. Eg:"

Similar presentations

JavaScript I. JavaScript is an object oriented programming language used to add interactivity to web pages. Different from Java, even though bears some.

JavaScript I. JavaScript is an object oriented programming language used to add interactivity to web pages. Different from Java, even though bears some.
Introducing JavaScript

Introducing JavaScript
JavaScript and AJAX Jonathan Foss University of Warwick

JavaScript and AJAX Jonathan Foss University of Warwick
WeB application development

WeB application development
Data Representation Kieran Mathieson. Outline Digital constraints Data types Integer Real Character Boolean Memory address.

Data Representation Kieran Mathieson. Outline Digital constraints Data types Integer Real Character Boolean Memory address.
XML Primer. 2 History: SGML vs. HTML vs. XML SGML (1960) XML(1996) HTML(1990) XHTML(2000)

XML Primer. 2 History: SGML vs. HTML vs. XML SGML (1960) XML(1996) HTML(1990) XHTML(2000)
XP Tutorial 1 New Perspectives on JavaScript, Comprehensive1 Introducing JavaScript Hiding E-Mail Addresses from Spammers.

XP Tutorial 1 New Perspectives on JavaScript, Comprehensive1 Introducing JavaScript Hiding Addresses from Spammers.
1 HTML’s Transition to XHTML. 2 XHTML is the next evolution of HTML Extensible HTML eXtensible based on XML (extensible markup language) XML like HTML.

1 HTML’s Transition to XHTML. 2 XHTML is the next evolution of HTML Extensible HTML eXtensible based on XML (extensible markup language) XML like HTML.
Week 09, Session 01 Other HTML Tags & HTML5 www.del.ac.id IF311315 Website Development Presented by: RDT.

Week 09, Session 01 Other HTML Tags & HTML5 IF Website Development Presented by: RDT.
Introduction to Programming Prof. Rommel Anthony Palomino Department of Computer Science and Information Technology Spring 2011.

Introduction to Programming Prof. Rommel Anthony Palomino Department of Computer Science and Information Technology Spring 2011.
JavaScript: Control Structures September 27, 2005 Slides modified from Internet & World Wide Web: How to Program. 2004 (3rd) edition. By Deitel, Deitel,

JavaScript: Control Structures September 27, 2005 Slides modified from Internet & World Wide Web: How to Program (3rd) edition. By Deitel, Deitel,
WEB DESIGN AND PROGRAMMING Introduction to Javascript.

WEB DESIGN AND PROGRAMMING Introduction to Javascript.
JavaScript, Fifth Edition Chapter 1 Introduction to JavaScript.

JavaScript, Fifth Edition Chapter 1 Introduction to JavaScript.
Copyright (c) 2010, Dr. Kuanchin Chen1 The Client-Server Architecture of the WWW Dr. Kuanchin Chen.

Copyright (c) 2010, Dr. Kuanchin Chen1 The Client-Server Architecture of the WWW Dr. Kuanchin Chen.
CNIT 133 Interactive Web Pags – JavaScript and AJAX JavaScript Environment.

CNIT 133 Interactive Web Pags – JavaScript and AJAX JavaScript Environment.
Introduction to XML. What is XML? Extensible Markup Language XML 1.0 1998 Easier-to-use subset of SGML (Standard Generalized Markup Language) XML is a.

Introduction to XML. What is XML? Extensible Markup Language XML Easier-to-use subset of SGML (Standard Generalized Markup Language) XML is a.
2440: 211 Interactive Web Programming Expressions & Operators.

2440: 211 Interactive Web Programming Expressions & Operators.
 2008 Pearson Education, Inc. All rights reserved. 1 4 4 Introduction to XHTML.

 2008 Pearson Education, Inc. All rights reserved Introduction to XHTML.
Chapter 3: Data Types and Operators JavaScript - Introductory.

Chapter 3: Data Types and Operators JavaScript - Introductory.
1 JavaScript in Context. Server-Side Programming.

1 JavaScript in Context. Server-Side Programming.

Similar presentations

Ads by Google