Technique for ensuring HTML- and URL-encoding

Posted by JW on Stack Overflow See other posts from Stack Overflow or by JW
Published on 2010-03-08T03:24:44Z Indexed on 2010/03/08 3:30 UTC
Read the original article Hit count: 603

Filed under:

html

|

url

|

encoding

|

templates

Has anyone implemented a good template system for ensuring that output is properly HTML-encoded where it makes sense? Maybe even something that recognizes when output should be URL-encoded or JSON-encoded instead?

The lazy approach — just encoding all inputs — causes problems when you want to send those inputs to a database, or to a block of JavaScript code. So something a little smarter is needed.

The tedious approach — putting the proper encoding function around each piece of data on the template — works, but it's easy for developers to forget to do it.

Is there a good approach that makes it easy for developers, and ensures that the right encoding is done? I was listening to one of the SO podcasts, and Joel tossed out an idea about using typed data to enforce a difference between HTML-encoded strings and non-encoded strings. Maybe that could be a starting point.

I'm looking more for a strategy than for an implementation in a particular language (although I'd be happy to hear about implementations that already exist and work).

© Stack Overflow or respective owner

Related posts about html

Install usblib package - Ubuntu

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I need the package libusb for another package I am installing. I tried the following which seemed to install the package, sudo apt-get install libusb-dev but when I try to install the other package I get, configure: error: Package requirements (libusb-1.0 >= 0.9.1) were not met: No package… >>> More
Prevent malicious vulnerability scan increasing load on a server

as seen on Server Fault - Search for 'Server Fault'
Hi all, this week we have been suffering some malicious vulnerability scans to our servers, increasing the load on them, making them nearly unusable. The attack is easy to defend, just blocking the offending ip, but only after discovering it. Is there any form of prevent it? Is it normal that… >>> More
can't install psycopg2 in my env on mac os x lion

as seen on Server Fault - Search for 'Server Fault'
I tried install psycopg2 via pip in my virtual env, but got this error: ld: library not found for -lpq (full log here: http://pastebin.com/XdmGyJ4u ) I tried install postgres 9.1 from .dmg and via port, (gksks)iMac-Alexander:~ lorddaedra$ locate libpq /Developer/SDKs/MacOSX10.7.sdk/usr/include/libpq /Developer/SDKs/MacOSX10… >>> More
Bitnami redmine error SVN

as seen on Server Fault - Search for 'Server Fault'
I'm installing the Bitnami Redmine stack (redmine + subversion). Firstly I install configure and test it locally (Ubuntu 14.04 LTS). And everything is OK. I install Bitnami stack on server (Red Hat 4.4.7-4) and configure SVN. I commit files into SVN and connect project into Redmine with SVN repository… >>> More
Can the .htaccess file slow down a website to a crawl? If so, are there better ways to solve these problems with different rewrite rules and such?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
here is my htaccess file...... RewriteCond %{REQUEST_URI} ^/patients/billing/FAQ_billing\.html$ [OR] RewriteCond %{REQUEST_URI} ^/patients/billing/getintouch\.html$ RewriteRule ^patients/billing/(.*)\.html$ $1.php [L,NC] RewriteCond %{REQUEST_URI} ^/patients/findadoctor/a\.html$ [OR] RewriteCond… >>> More

Related posts about url

mod_rewrite for clean URL doesn't convert the URL to clean URL (but it's accessible) [on hold]

as seen on Pro Webmasters - Search for 'Pro Webmasters'
Basically what I want to do is to convert this: http://localhost/jariungu/user_caleg.php?idCaleg2014=3 into this: http://localhost/jariungu/caleg/3 I have managed to make /jariungu/caleg/3 to direct to the original URL (as in, if I open that URL, it directs me to the appropriate page). The problem… >>> More
Tip/Trick: Fix Common SEO Problems Using the URL Rewrite Extension

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Search engine optimization (SEO) is important for any publically facing web-site. A large % of traffic to sites now comes directly from search engines, and improving your site’s search relevancy will lead to more users visiting your site from search engine queries. This can directly or… >>> More
mod_rewrite one url to another url without changing source url

as seen on Stack Overflow - Search for 'Stack Overflow'
Is it possible to do a mod_rewrite from one url to another without changing what appears in the address bar? Example: Source URL is http://domain1.com/news Target URL is http://domain2.com/news I want to render pages from http://domain2.com/news/ but have http://domain1.com/news appear in the address… >>> More
ASP.NET MVC without Url Rewriting/Pretty Url

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have hosting with IXWebHosting, but ISAPI_Rewrite is not enabled on their Windows Server. So I want to deploy my site without Url Rewriting/Pretty Url. Is it possible? Thanks in advance, Munim >>> More
Ant get task throws "get doesn't support nested resources element" error

as seen on Stack Overflow - Search for 'Stack Overflow'
The following ant xml should work according to documentation, but does not. Can anyone tell me if I'm doing something wrong. The get task should support the nested "resources" element in Ant 1.7.1 which is the version I'm using: … >>> More