Encode HTML Before POST

April 27, 2023 Post a Comment

I have the following script, which encodes some of the value it receives propertly, but it does not seem to encode double quotes. How do I encode the full value properly before pos

Solution 1:

You shouldn't try to encode things with JavaScript.

You should encode it serverside.

Anything that can be done with JavaScript can be undone.

It is valid to encode it in JavaScript if you also check that it was encoded on the server, but keep in mind: JavaScript can be disabled.

Solution 2:

What George says is true. But, if you have to encode strings client-side, I'd suggest you use JavaScript's encodeURIComponent().

Solution 3:

I had a similar problem. I simply used the replace method in javascript. Here's a nice article to read: http://www.w3schools.com/jsref/jsref_replace.asp

Basically what the replace method does is it swaps or replaces the character it founds with what you indicate as replacement character(s).

So this:

var str=' " That " ';
str = str.replace(/"/g,'&quot;');

Once you log this into the console of your browser, you will get something like

&quot; That &quot;

And this:

var str=' " That " ';
str = str.replace(/"/g,'blahblahblah');

Once you log this into the console of your browser, you will get something like

blahblahblah That blahblahblah

Solution 4:

You can use this module in js, without requiring jQuery:

htmlencode

Solution 5:

You can re-use functions from php.js project - htmlentities and get_html_translation_table

Html5 Manual