All Questions

1266
votes
36 answers
787302 views

A potentially dangerous Request.Form value was detected from the client

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown. I don't want to go into the discussion about the smartness of throwing an excep...
121
votes
14 answers
129468 views

HtmlSpecialChars equivalent in Javascript?

Apparently, this is harder to find than I thought it would be. And it even is so simple... Is there a function equivalent to PHP's htmlspecialchars built into Javascript? I know it's fairly easy to i...
57
votes
9 answers
37284 views

Will HTML Encoding prevent all kinds of XSS attacks?

I am not concerned about other kinds of attacks. Just want to know whether HTML Encode can prevent all kinds of XSS attacks. Is there some way to do an XSS attack even if HTML Encode is used?
107
votes
14 answers
140415 views

How do I perform HTML decoding/encoding using Python/Django?

I have a string that is html encoded: &lt;img class=&quot;size-medium wp-image-113&quot; style=&quot;margin-left: 15px;&quot; title=&quot;su1&quot; src=&quot;ht...
46
votes
13 answers
176918 views

How to remove html special chars?

I am creating a RSS feed file for my application in which I want to remove HTML tags, which is done by strip_tags. But strip_tags is not removing HTML special code chars: &nbsp; &amp; &c...
28
votes
11 answers
74557 views

Html inside XML. Should I use CDATA or encode the HTML

I am using XML to share HTML content. AFAIK, I could embed the HTML either by: Encoding it: I don't know if it is completely safe to use. And I would have to decode it again. Use CDATA sections: I c...
145
votes
8 answers
108621 views

HtmlEncode from Class Library

I have a class library (in C#). I need to encode my data using the HtmlEncode method. This is easy to do from a web application. My question is, how do I use this method from a class library that is b...
66
votes
5 answers
97394 views

Display encoded html with razor

I store encoded HTML in the database. The only way I could display it correctly is: <div class='content'> @MvcHtmlString.Create(HttpUtility.HtmlDecode(Model.Content)); </div> I...
36
votes
5 answers
16753 views

What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode?

I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. Sounded interesting, reading the msdn blog, it appears to just provide an HtmlEncode() method....
31
votes
7 answers
49012 views

Is there a JDK class to do HTML encoding (but not URL encoding)?

I am of course familiar with the java.net.URLEncoder and java.net.URLDecoder classes. However, I only need HTML-style encoding. (I don't want ' ' replaced with '+', etc). I am not aware of any JDK ...
