All geek questions in one place

When should I dump HTML data and when should I retrieve data using a URL?

When should I output data from HTML to my code and when should I escape from the URL? I am confused which one to use when ...

For example, for an element requesting a URL:

<input type="text" value="DATA" name="URL">

Should I HTML-Escape DATA here or url avoid it here?

What about the item:

 <a href="URL" title="URL">NAME</a>

Should the URL be escaped using an url or escaped HTML? What about NAME ?

Thanks, Boda Sido.

+4
source share
3 answers

URL encoding ensures that special characters such as? and they donโ€™t cause the URL to be misinterpreted on the receiving side. In practice, this means that you will need to URL-encode any values โ€‹โ€‹of dynamic query strings that may contain such characters.

HTML coding ensures that special characters such as> and "do not cause the browser to misinterpret the markup. Therefore, you need HTML to encode any values โ€‹โ€‹output to the markup that may contain such characters.

So in your example:

  • DATA must be encoded in HTML format.
  • Any dynamic URL segments must be encoded in the URL, then the entire string must be encoded in HTML format.
  • The name must be encoded in HTML.
+6
source

HTML Escape when you write something in an HTML document.

Escape URL when you create a URL to call inside the code or to call the browser (i.e. in the href tag).

In your examples, you want the "Attribute" to avoid the attributes. (I can't remember the exact name of the function, but this is in HttpUtility ).

+2
source

In the examples you are showing, this should be the first URL escaping and then the escaped HTML:

 <a href="http://www.example.com?arg1=this%2C+that&amp;arg2=blah">
+2
source

Source: https://habr.com/ru/post/1299612/

More articles:


All Articles