0

I am studying Security and wanted to know the general approach to retrieve and display code to client after it is safely encoded and stored in the database.

Improve this question
1
  • &lt; for < and &gt; for > can display <script> normally with < and > Commented Mar 1, 2014 at 7:40

2 Answers 2

Reset to default
0

The following code is JS that will alert Hello :

<script>
 alert('Hello');
</script>

The above code can be displayed on a web page by replacing the < with &lt; and > with &gt :

&lt;script&gt;
 alert('Hello');
&lt;/script&gt;

The above will display as code, but won't execute on client side.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Output using:

htmlspecialchars($output, ENT_QUOTES, 'UTF-8');

If you are using a framework or template engine, they will inevitably have some sort of escape function or modifier to use from within a template which wraps this function.

See: https://www.php.net/htmlspecialchars

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.