by jameshart 4292 days ago
This is what I always try to press home to developers I work with. It's not 'sanitization', it's encoding. In order to make a web browser display the string I've retrieved from my database, I have to turn it into an HTML representation that will be displayed as that string. In order to use a string in a JavaScript string literal, I need to turn it into a JavaScript string literal which represents the string.
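The distinction the comment draws, shown as two context-specific encoders (an added example, not code from the commenter): the same database value is turned into an HTML representation for the markup context and into a JavaScript string literal for the script context, and the outputs differ because the target grammars differ. The sample input is constructed.

```javascript
// Added example (not from the comment above): two context-specific encoders.
// Same input string, two different outputs, because the target grammar differs.

// HTML text/attribute context: replace the five significant characters with
// character references so the browser renders them as literal text.
function encodeForHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// JavaScript string-literal context: produce the body of a double-quoted
// literal that evaluates back to the original string. Anything outside a
// small safe set is written as \xHH / \uHHHH, so quotes, backslashes,
// "</script>" and the U+2028/U+2029 line terminators cannot end the literal
// or the enclosing <script> element.
function encodeForJsStringLiteral(s) {
  let out = '';
  for (const ch of String(s)) {          // iterates by code point
    const cp = ch.codePointAt(0);
    if (/[A-Za-z0-9 ,._-]/.test(ch)) {
      out += ch;
    } else if (cp < 0x100) {
      out += '\\x' + cp.toString(16).padStart(2, '0');
    } else if (cp < 0x10000) {
      out += '\\u' + cp.toString(16).padStart(4, '0');
    } else {
      out += '\\u{' + cp.toString(16) + '}';
    }
  }
  return out;
}

// Embed one stored value into both contexts of a page.
function render(value) {
  return {
    html: '<span>' + encodeForHtml(value) + '</span>',
    script: 'var name = "' + encodeForJsStringLiteral(value) + '";',
  };
}

// Constructed sample value, chosen to contain characters that matter in both
// grammars; it is not taken from the comment.
const sample = '</script><b>O\'Hara</b>';
const rendered = render(sample);
```

Decoding the JavaScript output (for instance with `JSON.parse`-style evaluation in the test) yields the original string, which is the property "encoding" promises and "sanitization" does not.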