nodejs/nodebestpractices
1
0
Fork 0
mirror of https://github.com/goldbergyoni/nodebestpractices.git synced 2025-10-29 16:46:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

escape-output.md: Improved markdown rendering

Browse Source 
Improved markdown rendering to better match the blog quote
This commit is contained in:
Forresst
2021-03-17 10:35:23 +01:00
committed by GitHub
parent 4f570b8d7c
commit a9aefa0cc8
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
sections/security/escape-output.md
View File

@ -38,13 +38,18 @@ HTML and other web languages mix content with executable code - a single HTML pa
From the Blog [benramsey.com](https://benramsey.com/articles/escape-output/) From the Blog [benramsey.com](https://benramsey.com/articles/escape-output/)
> Data may leave your application in the form of HTML sent to a Web browser, SQL sent to a database, XML sent to an RSS reader, WML sent to a wireless device, etc. The possibilities are limitless. Each of these has its own set of special characters that are interpreted differently than the rest of the plain text received. Sometimes we want to send these special characters so that they are interpreted (HTML tags sent to a Web browser, for example), while other times (in the case of input from users or some other source), we dont want the characters to be interpreted, so we need to escape them. > Data may leave your application in the form of HTML sent to a Web browser, SQL sent to a database, XML sent to an RSS reader, WML sent to a wireless device, etc. The possibilities are limitless. Each of these has its own set of special characters that are interpreted differently than the rest of the plain text received. Sometimes we want to send these special characters so that they are interpreted (HTML tags sent to a Web browser, for example), while other times (in the case of input from users or some other source), we dont want the characters to be interpreted, so we need to escape them.
>
> Escaping is also sometimes referred to as encoding. In short, it is the process of representing data in a way that it will not be executed or interpreted. For example, HTML will render the following text in a Web browser as bold-faced text because the <strong> tags have special meaning: > Escaping is also sometimes referred to as encoding. In short, it is the process of representing data in a way that it will not be executed or interpreted. For example, HTML will render the following text in a Web browser as bold-faced text because the `<strong>` tags have special meaning:
<strong>This is bold text.</strong> >
But, suppose I want to render the tags in the browser and avoid their interpretation. Then, I need to escape the angle brackets, which have special meaning in HTML. The following illustrates the escaped HTML: > ```html
> <strong>This is bold text.</strong>
&lt;strong&gt;This is bold text.&lt;/strong&gt; > ```
>
> But, suppose I want to render the tags in the browser and avoid their interpretation. Then, I need to escape the angle brackets, which have special meaning in HTML. The following illustrates the escaped HTML:
>
> ```html
> &lt;strong&gt;This is bold text.&lt;/strong&gt;
> ```
<br/><br/> <br/><br/>