Today I would like to share some concepts from a JavaScript perspective to help you protect against XSS attacks.
- The encodeURI() method is a bit more specialized than escape() in that it encodes for URIs as opposed to the query string (which is only part of a URL). Use this method when you need to encode a string to be used for any resource that uses URIs and needs certain characters to remain un-encoded.
- The encodeURIComponent() function encodes a Uniform Resource Identifier (URI) component by replacing each instance of certain characters with one, two, three, or four escape sequences representing the UTF-8 encoding of the character (four escape sequences only for characters composed of two "surrogate" characters).
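
The difference between the two functions, as an added example that is not part of the original post: it encodes one constructed untrusted value with each function and checks how the resulting link parses. The names `buildLink`, `paramNames`, `escapeCount`, `safeComponent` and the `example.test` URL are hypothetical, chosen for illustration.

```javascript
// Constructed sample input: an untrusted value carrying URI-reserved characters.
const untrusted = 'a&admin=true#"><script>';

// Hypothetical helper: builds a search link using the encoder it is given.
function buildLink(encode, value) {
  return 'https://example.test/search?q=' + encode(value);
}

// Parses the link back and lists the query parameter names a server would see.
function paramNames(link) {
  return [...new URL(link).searchParams.keys()];
}

// encodeURI leaves & = # ? / un-encoded, so the value splits into extra parts.
const withEncodeURI = buildLink(encodeURI, untrusted);
// encodeURIComponent encodes them, so the value stays a single parameter.
const withComponent = buildLink(encodeURIComponent, untrusted);

// Number of %XX escape sequences produced for one character.
function escapeCount(ch) {
  return (encodeURIComponent(ch).match(/%/g) || []).length;
}

// A lone surrogate has no UTF-8 encoding; encodeURIComponent throws URIError.
function safeComponent(value) {
  try {
    return encodeURIComponent(value);
  } catch (e) {
    if (e instanceof URIError) return null; // reject malformed input
    throw e;
  }
}

console.log(withEncodeURI, paramNames(withEncodeURI));
console.log(withComponent, paramNames(withComponent));
// Space, U+00E9, U+20AC and U+1F600 (a surrogate pair in UTF-16).
console.log([' ', '\u00E9', '\u20AC', '\u{1F600}'].map(escapeCount));
console.log(safeComponent('\uD800'));
// Neither function is an HTML escaper: ' ( ) * ! ~ pass through unchanged.
console.log(encodeURIComponent("'()*!~"));
```

URL encoding only protects the URI context; a value written into HTML markup or an attribute still needs HTML escaping for that context.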
Happy coding,
Thiago Leoncio