Difference between revisions of "HTML Entity Encoding"
|(One intermediate revision by one other user not shown)|
Latest revision as of 06:09, 21 November 2012
This is a control. To view all control, please see the Control Category page.
HTML entity encoding is the process of replacing ASCII characters with their 'HTML Entity' equivalents. For example, you would replace the "<" character with "<"
Using HTML entity encoding is useful because HTML entities are 'inert' in most interpreters, especially browsers. This means that even if an attacker tricks your application into sending malicious code to another user's browser, the attack won't execute.