PHP Classes

Encoding

Subject: Encoding
Summary: My Pagination html-Encoding
Messages: 3
Author: Kay Uwe-Meyer
Date: 2011-10-10 10:24:41
Update: 2011-10-10 21:40:16
 

  1. Encoding
Kay Uwe-Meyer - 2011-10-10 10:24:41
Hello,

Please use the correct encoding for values in HTML tags.
If you only encode the &, you can hijack your code like this:

?test=%22/%3E%3Cscript%3Ealert(/test/);%3C/script%3E&page=%5Bpage%5D

You will also generate a not

I think this

en.wikipedia.org/wiki/HTML#Attribut ...

should help you.

Best regards

Tom

  2. Re: Encoding
Romil Jayme - 2011-10-10 13:45:56 - In reply to message 1 from Kay Uwe-Meyer
Hi Tom, thanks. So what do you suggest I should use?

Best regards,

Romil


  3. Re: Encoding
Kay Uwe-Meyer - 2011-10-10 21:40:16 - In reply to message 2 from Romil Jayme
Encode the full link via htmlentities($param, ENT_QUOTES);
The second argument is important if you want to encode an attribute.

I hope it will help

Best regards..
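
The fix from message 3 next to the ampersand-only escaping that message 1 warns about, as an added example that is not part of the thread or of the My Pagination class. The helper names and the way the link is rebuilt from the request parameters are assumptions.

```php
<?php
// Added example: hypothetical helpers, not code from the My Pagination class.

// Constructed input: the query string from message 1, decoded the way PHP fills $_GET.
parse_str('test=%22/%3E%3Cscript%3Ealert(/test/);%3C/script%3E&page=%5Bpage%5D', $get);

// Rebuild the current query string with a new page number.
// Assumption: the values are reused exactly as they arrived in the request.
function raw_link(array $params, int $page): string
{
    $params['page'] = $page;
    $pairs = [];
    foreach ($params as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    return '?' . implode('&', $pairs);
}

// Weak: only "&" is escaped, so a double quote in a value ends the href attribute.
function anchor_amp_only(array $params, int $page): string
{
    $href = str_replace('&', '&amp;', raw_link($params, $page));
    return '<a href="' . $href . '">' . $page . '</a>';
}

// Fix from message 3: encode the full link; ENT_QUOTES covers both " and '.
function anchor_encoded(array $params, int $page): string
{
    $href = htmlentities(raw_link($params, $page), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . $page . '</a>';
}

echo anchor_amp_only($get, 2), "\n"; // attribute closes early, the rest is parsed as markup
echo anchor_encoded($get, 2), "\n";  // the whole value stays inside href="..."

// Why the second argument matters: ENT_COMPAT encodes " but leaves ' untouched,
// which would end a single-quoted attribute; ENT_QUOTES encodes both.
$value = "O'Brien"; // constructed value
echo htmlentities($value, ENT_COMPAT, 'UTF-8'), "\n";
echo htmlentities($value, ENT_QUOTES, 'UTF-8'), "\n";
```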