HTML Entity Encoding

From OWASP
Revision as of 13:54, 15 November 2012 by Micheal w s mcnamee (Talk | contribs)



HTML entity encoding is useful because HTML entities are 'inert' in most interpreters, especially browsers. This means that even if an attacker tricks your application into sending malicious code to another user's browser, the encoded code is rendered as text and the attack won't execute.
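The effect described above, as an added example (not code from OWASP or this page): an encoder for the characters that are significant in HTML element content, shown next to an unencoded render of the same input. The function names and the sample input are constructed for illustration.

```javascript
// Added example. Names (htmlEntityEncode, renderComment, ...) are hypothetical.
// Characters that can open a tag, an entity, or close a quoted attribute value.
const ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function htmlEntityEncode(untrusted) {
  // Coerce to string so numbers, null or objects cannot skip the encoder.
  // '&' is always encoded, so input that already looks like an entity
  // ("&lt;") is shown literally instead of being decoded by the browser.
  return String(untrusted).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Before: untrusted text is concatenated into markup as-is.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// After: untrusted text is entity-encoded at the point of output.
function renderComment(comment) {
  return '<p class="comment">' + htmlEntityEncode(comment) + '</p>';
}

// Counts opening tags in a rendered fragment; used to show that encoded
// input contributes no elements of its own.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input standing in for attacker-supplied text.
const sample = '<script>alert(1)</script>';

console.log(renderCommentUnsafe(sample)); // markup from the input survives
console.log(renderComment(sample));       // input appears only as text
console.log(countOpeningTags(renderCommentUnsafe(sample)), // 2: <p> and <script>
            countOpeningTags(renderComment(sample)));      // 1: <p> only
```

This encoding is sufficient for HTML element content and quoted attribute values; data placed inside script blocks, URLs or CSS needs the encoding for that context.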

H