Web Front-end
HTML Tutorial
A brief discussion on html escaping and methods to prevent javascript injection attacks
A brief discussion on html escaping and methods to prevent javascript injection attacks
The following editor will bring you a brief discussion on HTML escaping and methods to prevent JavaScript injection attacks. The editor thinks it’s pretty good, so I’ll share it with you now and give it as a reference. Let’s follow the editor and take a look.
Sometimes there will be an input box on the page. After the user inputs the content, it will be displayed on the page, similar to a web chat application. If the user enters a js script, the ratio is: <script>alert('test');</script>, a dialog box will pop up on the page, or if the input script contains code that changes the js variables of the page, the program will be interrupted. Exception or to achieve the purpose of skipping certain verification. So how to prevent this kind of malicious js script attack? This problem can be solved by html escaping.
1: What is html escaping?
html escaping is to convert special characters or html tags into their corresponding characters. For example: < will be escaped to <> or escaped to > like "<script>alert('test');</script>" this character will be escaped to: "<script> alert('test');</script>" when displayed again, the page will parse < into <, > into >, thus restoring the user's real input. What is ultimately displayed on the page is still "< ;script>alert('test');", which avoids js injection attacks and truly displays user input.
2: How to escape?
1. Implemented through js
//转义 元素的innerHTML内容即为转义后的字符
function htmlEncode ( str ) {
var ele = document.createElement('span');
ele.appendChild( document.createTextNode( str ) );
return ele.innerHTML;
}
//解析
function htmlDecode ( str ) {
var ele = document.createElement('span');
ele.innerHTML = str;
return ele.textContent;
}2. Implemented through jquery
function htmlEncodeJQ ( str ) {
return $('<span/>').text( str ).html();
}
function htmlDecodeJQ ( str ) {
return $('<span/>').html( str ).text();
}3. Use
var msg=htmlEncodeJQ('<script>alert('test');</script>'); $('body').append(msg);
It is recommended to use jquery for better compatibility.
The above is the detailed content of A brief discussion on html escaping and methods to prevent javascript injection attacks. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Is HTML easy to learn for beginners?
Apr 07, 2025 am 12:11 AM
HTML is suitable for beginners because it is simple and easy to learn and can quickly see results. 1) The learning curve of HTML is smooth and easy to get started. 2) Just master the basic tags to start creating web pages. 3) High flexibility and can be used in combination with CSS and JavaScript. 4) Rich learning resources and modern tools support the learning process.
The Roles of HTML, CSS, and JavaScript: Core Responsibilities
Apr 08, 2025 pm 07:05 PM
HTML defines the web structure, CSS is responsible for style and layout, and JavaScript gives dynamic interaction. The three perform their duties in web development and jointly build a colorful website.
Understanding HTML, CSS, and JavaScript: A Beginner's Guide
Apr 12, 2025 am 12:02 AM
WebdevelopmentreliesonHTML,CSS,andJavaScript:1)HTMLstructurescontent,2)CSSstylesit,and3)JavaScriptaddsinteractivity,formingthebasisofmodernwebexperiences.
What is an example of a starting tag in HTML?
Apr 06, 2025 am 12:04 AM
AnexampleofastartingtaginHTMLis,whichbeginsaparagraph.StartingtagsareessentialinHTMLastheyinitiateelements,definetheirtypes,andarecrucialforstructuringwebpagesandconstructingtheDOM.
Gitee Pages static website deployment failed: How to troubleshoot and resolve single file 404 errors?
Apr 04, 2025 pm 11:54 PM
GiteePages static website deployment failed: 404 error troubleshooting and resolution when using Gitee...
How to implement adaptive layout of Y-axis position in web annotation?
Apr 04, 2025 pm 11:30 PM
The Y-axis position adaptive algorithm for web annotation function This article will explore how to implement annotation functions similar to Word documents, especially how to deal with the interval between annotations...
HTML, CSS, and JavaScript: Essential Tools for Web Developers
Apr 09, 2025 am 12:12 AM
HTML, CSS and JavaScript are the three pillars of web development. 1. HTML defines the web page structure and uses tags such as, etc. 2. CSS controls the web page style, using selectors and attributes such as color, font-size, etc. 3. JavaScript realizes dynamic effects and interaction, through event monitoring and DOM operations.
How to use CSS3 and JavaScript to achieve the effect of scattering and enlarging the surrounding pictures after clicking?
Apr 05, 2025 am 06:15 AM
To achieve the effect of scattering and enlarging the surrounding images after clicking on the image, many web designs need to achieve an interactive effect: click on a certain image to make the surrounding...
