EncodeForHTML()

Encodes the given string for safe output in HTML to stop Cross Site Scripting attacks.

Requires Extension: ESAPI extension


	EncodeForHTML( string=string, canonicalize=boolean );

Returns: String

Argument	Description	Default
string _{string, required}	edit string to encode
canonicalize _{boolean, optional}	edit If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then do encoding. Introduced: 5.0.0.0	false

Argument

Description

Default

string

_{string,

required}

edit

string to encode

canonicalize

_{boolean,

optional}

edit

If set to true, canonicalization happens before encoding.

If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen.

By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Introduced: 5.0.0.0

false

Examples

edit

Simple Example

writedump(encodeForHTML('<img src="">'));

EncodeForHTML()

Examples

Simple Example

See also